Cyber risk is more prominent than ever, and with it, insuring cyber risk has gotten more complex.

Comfort Insurance & Finances recognizes that this affects not just individuals but corporations and businesses, no matter the size. Large and small, those in technology, finance, manufacturing, and more are at risk of cyberattacks.

On the personal level, there is the risk of your computer being taken over by ransomware, losing access to your computer and all your files, and having important personnel files sold off on the dark web. For businesses, there is a similar risk. Still, there is also the risk of having clients' personal data stolen and losing all the trust that your clients have in your organization, in turn destroying your company’s reputation. Don't worry; we’ll review some examples of cyber insurance and how to choose the right one and avoid those nasty ransomware and cyber risks.

Cyber Risks and Real-world Examples

First things first: What is a cyber risk? At its basic, cyber risk is the risk of attacks over the internet aiming to breach your network and make off with indispensable information. This can be through ransomware, phishing, data breaching, or social engineering attacks.

Two prominent and recent cyber risks/attacks that recently occurred are the data breach that leaked over 200 million Twitter users’ personal information and one where a Linux backdoor malware allowed for the exploitation of over 30 plugins for WordPress, resulting in websites transferring incoming traffic to phishing sites. Why is this important? Well, for a business, this creates not just negative publicity and distrust for the company. But it also opens up the business to potential legal issues of negligence regarding securing a client’s personal data.

Why Cyber Insurance Matters

Now, what does the cyber insurance do? And is it a part of my general liability policy as a business? NO. General liability covers bodily injuries and property damage resulting from your products, service, or operations and, as such, is generally excluded from a general liability policy. Sadly, as much as we can help prevent cyber risk by helping guide you to helpful resources and teams, cyber insurance is not preventive insurance coverage. Rather, cyber insurance covers the liability for data breaches involving sensitive customer information, cyberattacks that occur not just in the United States but worldwide, breaches of networks, and cyberattacks on your data held by vendors or other third parties.

When looking for a good cyber insurance policy, it serves well to keep an eye on whether the cyber insurance is First-Party coverage or Third-Party Coverage.

What is First-Party vs. Third-Party?

First-Party Coverage protects your data, both employee and customer information. It also includes your business’s cost in relation to legal counsel, recovery and/or replacement of stolen data, customer notification, crisis management, aid in cyber extortion, forensic services to investigate the break and any lost income due to business interruption.

Third-party coverage generally protects you from liability if a third party brings any claims against you. Typically, this includes payments for clients affected by the breach, settlement expenses related to lawsuits or disputes, losses linked to defamation or trademark infringement, accounting costs, and costs of litigation and responding to regulatory inquiries.

Cyber Insurance Trends 

What current trends are we seeing for 2024? As we continue to evolve and grow with technology, we begin to get into a higher chance of cyberattacks, and we have seen the number of cyberattacks grow at an alarming rate in the last five years. Though just as the threat has grown, so have the ways to defend from them and the manners to deal with the aftermath of such attacks. New and more sophisticated cybersecurity controls have helped to contribute to this trend, decreasing cyber insurance renewal pricing. We have also seen more carriers begin to offer cybersecurity in the industry. But what are these cybersecurity controls?

Tips for Enhanced Cybersecurity

Some basic tips for cybersecurity involve using strong passwords that are at least 12 characters long and have a mix of letters, symbols, and numbers. Updating software is also imperative, as this allows your devices to stay up to date and remove any backdoors and vulnerabilities found in previous software versions. Backing up important files either offline or in the cloud allows for always access to important documents even if your systems may be compromised. When handling sensitive data, try to encrypt the data in order to protect not just your business but also your clients’ information better. Lastly, establish a cybersecurity culture in your organization that helps and encourages good cybersecurity etiquette when handling data and working online.