What is the purpose of cyber security insurance?

Cyber security insurance aims to protect businesses against financial losses caused by ever increasing cyber incidents, including data breaches, information theft, hacking of systems, ransomware extortion and denial of service attacks (DDoS). For small businesses with databases of sensitive information online, on the cloud, or on a computer, this coverage could prove vital.

Cybersecurity insurance is the same in nature as any type of insurance. It aims to reduce financial uncertainty and make unexpected loss manageable. 

Recovering from a cyber incident can be prohibitive for an organization which is where cyber risk insurance comes into play- hopefully. According to IBN, data breach average costs increased 2.6% from USD 4.24 million in 2021 to USD 4.35 million in 2022. The average cost has climbed 12.7% from USD 3.86 million in the 2020 report. Ransomware seems to be the most expensive of attacks to recover from. 

We can identify the most popular cyber attacks, but let’s define the most prominent cyber risks: privacy risk, security risk, operational risk, and service risk. These also include transgressing compliance laws and regulations, which come with their own fines and penalties.

What exactly cyber insurance policies will cover comes down to each insurance provider and should be carefully considered and spelled out before taking out a policy. There are many lawsuits against cyber insurance carriers due to their cyber claims not being covered by non-cyber policies or not covering important gaps. Look out for added extras like coverage of Social Engineering attacks, Reputational Damage impacting profits resulting from cyber incidents and others.

It is important to note that the following aren’t usually covered in the policies:

• Potential future lost profits
• Loss of value due to theft of your intellectual property
• Betterment: the cost to improve internal technology systems, including any software or security upgrades after a cyber event