Cyber Liability Insurance: Is it really necessary for data security?

hacker.jpgA cyber attack is something no institution wants to be part of, but the chances of being affected by one never stop being a possibility, no matter how much you have spent on data security in your company, so being prepared is a priority. But, what happens once you’ve being targeted by an attack or are already affected? The costs involved in the process are so high that a new plan of action is needed, and there is one option taken straight from our daily life.

Due to the huge amount of cases, no longer than 10 years ago, insurance companies start offering Cyber Liability Insurances, also known as CLIC. Honestly, in one of those weird coincidences of life, CLIC stands for “Cyber Liability Insurance Coverage” and it provides you with compensation in case you’re victim of a digital attack. They have become an alternative that more and more companies are taking.

A cyber attack is defined as any threat to the digital integrity of your business or web service from third parties, which can include:

  • Remote hacking
  • Data erasure
  • Database modification
  • Secret Files leaks
  • Theft of sensitive data
  • Ransomware
  • Others

According to a study done by the Ponemon Institute and HP in 2015, the cost of a cyber attack can skyrocket up to 15 million dollars with a growth rate of 19% a year, a number that can sum up to 6 trillion dollars globally on a global scale. These costs not only involve recovering the data, but also what the company has lost as a result.

Due to these spooky numbers, companies are constantly looking for a way to protect themselves from the vulnerabilities that involve having the company in a digital environment, because it’s obvious to assume if you can protect an office from a fire, it’s also possible to keep the integrity of this spectrum by hiring another insurance that can reduce the impact.

But “Cyber Insurance” doesn’t offer all the safety mechanisms and warranty other kinds of insurances cover. In case of an attack, the insurance can’t just return what was lost in the process like the database or sensitive information like it could do with a house or a car.

What this service covers is the costs of the investigation process, help to recover from the losses, client notifications about the theft and legal and extortion fees in case you’re a victim or ransomware. This, while makes wonders for some companies, doesn’t return the most valuable assets that companies have: information.

All these benefits come at a cost. According to a sample by Cyber-Data-Risk Managers, annual fees for the insurance can go from USD$ 600 for a doctor’s office up to USD$ 42,000 for an entire hospital, and this concept is still alien for developing countries, and a quick Google search shows that not many insurance companies offer the service in Latin America.

Since it is fairly new, Cyber liability insurance is still in constant evolution in learning how to better help those in trouble. But this doesn’t mean it’s a bad service, since its main objective it to help businesses that can lose everything if they lose their databases or would involve a putting a halt in their operation.

In a study made by Symantec, 30% of phishing victims were small business, and 43% of all attacks were directed to medium size companies that can’t invest in data and computer security, making this insurance a great recovery tool.

But at the same time, it is up to the business owner to decide where to invest. If their cyber security structure is weak, it is important to strengthen that part with security software before hiring an insurance, since the costs will keep increasing after each attack. Having both could be the best solution for a business that wants to develop, and who knows, maybe in the future having a CLIC will be as normal as a car or home insurance. 

How about you, how do you prepare for a Cyber-attack? Leave us a comment to know your story.

{{cta(‘033e2d68-a3be-46f9-9c1c-cc6a5079e7d2’)}}

Nicolas Poggi

Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.