Cyber Insurance: How It Works & What You Need to Get Covered

What Is Cyber Insurance?

Cybersecurity insurance is a product that helps businesses reduce the risk of cybercriminal activities such as cyberattacks and data breaches. Internet-based threats that affect an organization’s IT infrastructure have a high cost, which is generally not covered by ordinary business liability policies or traditional insurance products. Cyber insurance can help protect organizations against this cost.

With the increasing risk of cyber attacks on applications, devices, networks and users, cyber insurance is becoming more important for businesses. Data breaches can have a significant impact on your business, including direct financial impact, indirect costs, reputational damage, and revenue loss. Another type of damage is legal liability or regulatory fines, as a result of the loss or theft of third party data.

Cyber insurance is very similar to the process of buying insurance against physical hazards and natural disasters. It covers any losses that a company may incur as a result of cyberattacks.

Cyber insurance protects businesses from cyber incidents, including cyber terrorism and state-sponsored cyber attacks, and gives organizations the resources to recover from major security incidents.

This is part of an extensive series of guides about cybersecurity.

Who Needs Cyber Insurance?

Given the growing number of cyberattacks and the high costs associated with remediation, cyber insurance is important for almost every business.

One of the main targets of hackers and cybercriminals is data containing personally identifiable information (PII) such as names, addresses, social security numbers, bank account information, and credit card numbers. This information can be used to commit fraud, perform secondary attacks, and might be sold on the dark web. This is a special concern because it exposes the organization to legal and compliance risk.

Many believe that smaller organizations, or those with a relatively low public profile, are immune to cyber attacks. But in reality, cybercriminals can easily target these organizations. Many attacks are automated and not specifically targeted against well-known organizations—but can still have devastating consequences.

On the other hand, well-known large organizations can be targets of sophisticated attackers and organized hacker groups. This type of cyberattack typically uses ransomware to attack large, high-value targets. Victims are selected based on their ability to pay the ransom and their likelihood to pay the ransom to restore operations or avoid public investigation.

How Does Cybersecurity Insurance Work?

Many providers of business insurance also sell cyber insurance policies such as errors and omissions (E&O) insurance, business liability insurance, and commercial property insurance. Most policies include:

  • First-party coverage for losses that directly affect a company.

  • Third-party coverage for losses suffered by others as a result of a cyber incident or incident as a result of a business relationship with that company.

  • Liability insurance is typically also included.

Cyber insurance helps cover cyber accidents and financial losses caused by accidents. Cyber risk coverage also helps cover remediation-related costs, including legal assistance, payments to investigators, communications and media, and customer refunds.

What Does Cyber Insurance Cover?

In the event of a cyber attack, most cyber insurance policies cover financial and reputational costs if data or electronic systems are lost, damaged, stolen or destroyed. This includes both first party costs (faced by the organization buying the insurance) and third party costs (faced by other organizations or individuals).

First-party compensation includes the cost of:

  • Cybercrime investigations

  • Data and computer system recovery lost due to security breaches

  • Lost revenue due to business closure

  • Reputation management

  • Hacker extortion claims including payments

  • Notification fees (in case regulations require the organizations to notify affected third parties)

Third-party costs, resulting from a claim against the organization buying the insurance, include:

  • Damages and settlements

  • Cost of legal defenses

  • Claims in violation of the EU General Data Protection Regulation (GDPR) or similar regulations.

What Do You Need to Acquire a Cyber Insurance Policy?

The first step in getting cyber insurance is to audit your infrastructure and document cybersecurity policies and systems. To determine coverage and cost, the cyber insurer will need to know what cyber defenses your organization has. Like other insurers, cyber insurance companies cannot insure organizations without a robust security strategy and infrastructure.

After your cybersecurity infrastructure audit, you can contact insurance companies to purchase policies. Insurance companies review your current cybersecurity strategy to determine risk levels, and provide an insurance offer and price that reflects the risks. Each insurance company has its own policy standards, exceptions, and costs—therefore, be sure to carefully review the policy terms.

What Are the Most Common Requirements for Cyber Insurance?

Implementing EDR Across All Endpoints

Endpoints are all virtual environments, devices, and servers connected to the network. Attackers exploit endpoint vulnerabilities to enter the system, install malware, and move laterally through the network. Antivirus (AV) software helps protect endpoints by detecting known malware, but this technology is often insufficient for combatting modern threats.

Endpoint detection and response (EDR) software continuously monitors, detects, investigates, and responds to advanced endpoint threats. Cyber insurers often require EDR as part of the organizational incident response strategy.

Using Multi-Factor Authentication (MFA)

MFA is often a minimum requirement to protect business systems by using more than one authentication method to control user access. Common authentication factors include one-time passwords (OTPs) and biometrics (e.g., fingerprints). Insurers often look for MFA to secure business accounts and applications and prevent unauthorized access from outside the organization.

Establishing a Backup Strategy

Insurers look for good backup strategies to minimize disruption and prevent extortion in the event of a ransomware attack. Most cyber insurance professionals require businesses to meet specific backup standards, such as establishing backup procedures, creating offline backups, or employing an alternative backup solution.

Backups should remain isolated from other network parts to prevent adversaries from reaching them during an attack. Insurers often require backups for sensitive apps to be immutable and offline.

Setting Up IAM

Identity and access management (IAM) enforces access policies to monitor and control activity across the network. The ability to monitor user activity depends on the technologies used. IAM should track login attempts, determine access rules, and grant user permission based on established policies. It helps mitigate insider threats, operator errors, and automation misconfiguration risks.

Managing Patches

Proper management is especially important for critical security patches. It involves regular patch updates, inventory mapping, and listing security controls like firewalls, AV, and EDR. Patch management can also include risk classification and prioritization, and patch testing. Insurers review businesses’ patch management to determine how easily attackers can compromise assets.

See Additional Guides on Key Cybersecurity Topics

Together with our content partners, we have authored in-depth guides on several other topics that can also be useful as you explore the world of cybersecurity.

What is TTPs

Authored by Exabeam


Authored by Exabeam

Understanding Cyber Insurance with BlueVoyant

In this on-demand webinar, learn how to balance the costs of cyber insurance and cybersecurity services to achieve the most benefit for your business

Darker Black Architectural Texture