It’s an innocent mistake. Someone in your company clicks on a phishing link and suddenly customer data and private company information are at risk. It’s a terrifying thought. Outside of enterprise companies, most companies don’t have the internal know-how to mitigate the risks. That’s exactly why cyber insurance is the hottest new protection for everyone from emerging industries and ambitious consumer brands to tech startups. Cyber insurance is one way to help your business recover following a cyberattack. It covers financial losses caused by events such as data breaches, cyber theft, ransomware, and more. But few people understand these new policies. Because of the complicated nature of cyber insurance, there are a lot of myths out there that can be harmful to your business if you fall for them. Plus, as we always say, the best time to manage a crisis is before the crisis. Let’s debunk these 4 cyber insurance myths together.
First, cyber insurance typically covers the cost of:
- Recovering data
- Legal proceedings
- PR crisis management: notifying stakeholders such as customers and or investors about the incident
- Restoring the personal identities of those affected
- Extortion fees
You can see why cyber insurance policies are in high demand. They cover all the bases of your worst nightmare. And yet, there is a lot of fine print in most policies, so it’s important to ask questions and know what isn’t included in your cyber insurance premiums.
Myth #1: All I need to protect my business from cyber threats is a cyber insurance plan
This could not be further from the truth. Your insurance provider will only cover your business if you meet the requirements outlined in your contract. Most reputable insurers will require proof that you have followed the proactive cyber measures outlined in your policy. If you can’t prove your compliance, your claims are unlikely to be paid.
One of the most common insurance requirements is that you have top-tier cybersecurity protection. Another common requirement is evidence of a solid plan in place should you have an incident. You often see these plans referred to as table-top exercises, and they are typically done from a purely technical basis, so Avaans Media has teamed up with Ignite Solutions to cover your technical and brand bases should you experience a cyber incident. A plan like that could help you get cyber insurance, lower your rates, and provide a template for the recovery of both data and brand. Plus, if you ever are breached, you’ll have a team of experts who already know you and your company.
Myth #2: I don’t need insurance since I have cybersecurity solutions
Even though cybersecurity solutions can bolster your defenses, they don’t make you immune to cyber incidents. Yes, cybersecurity solutions reduce the risk of a cyberattack by identifying and protecting vulnerable points in your system. However, no solution can completely protect against all threats because staying on top of emerging risks is challenging. Yes, we absolutely recommend ongoing monitoring, but remember, it only take a second, and human error always results in vulnerabilities in a system, regardless of how secure it is. That’s why it’s a good idea to have a cyber insurance policy in place to fall back on in case of an incident.
Myth #3: Cyber insurance is easy to get
As technology advances, so do the occurrences of cyber incidents. With small and medium-sized businesses being the most susceptible targets of cybercriminals because of a lack of enterprise-level protection, the likelihood of an attack is high. Cyber incidents are so frequent and costly, that insurers have been losing money with their policies. As you can imagine, that’s not sustainable for anyone. Insurers are reluctant to provide coverage since the risks are significant. While policies are still available, they are becoming more expensive and difficult to obtain. This is why proactive steps will help you secure a quality insurance policy. Know what you will do and who will do it. This kind of planning could save you millions of dollars in lost revenue, not to mention brand damage. For example, should you turn off your computers if you’re breached? Who pauses all social media and outgoing emails to clients while the breach is active? Who will talk to the press?
Myth #4: My policy will handle my claims in case there’s an incident
If you can’t prove that you’ve complied with your cyber insurance policy’s prerequisites, your claim will probably be rejected. More and more, insurers are requiring you to complete a series of steps to reinforce your policy. Some of these steps are technical, and some are operational. Covering your bases with an IT service provider and your PR team to develop a plan increases the likelihood of claim approval. An expert PR and IT service provider can help you remain compliant with your cyber insurance policy and provide evidence of such compliance. The best time to handle a crisis is before it happens and never is this more true than with cyber incident planning. Plus, knowing that you know what to do and how to do it will give you peace of mind whenever you see another security breach headline.
Partner for success
It’s crucial not to fall for the above myths about cyber insurance so that your business qualifies for a policy and receives the coverage you pay for. However, it’s also important to remember that cyber insurance is something that demands a lot more time and effort than you might have.
For more information on protecting your data and your brand, contact us.