It sounds simple: Your company’s data is a valuable asset to your organization. So, you should be able to protect it with cybersecurity insurance…right?
Well, it’s a bit more complicated than that.
It’s true that many insurance companies are offering cybersecurity insurance. This type of insurance claims to help offset financial loss following a data breach. Before you rush to sign any dotted lines, though, there are some things you should know about.
As CSO recently pointed out, it’s difficult to estimate the value of information. It’s much harder than estimating the value of a tangible object like a car or a house. Data can be easily overvalued, which can drive up the cost of a premium. It can also be undervalued which can increase risk.
Consult with several different companies before you agree to any cybersecurity insurance plan. The last thing you want to do is place an incorrect value on your company’s data. Ask around, and compare the estimates that you receive.
Also, your business may not receive total coverage following a cybersecurity incident. Most cybersecurity insurance plans will cover part of the direct cost of a data breach. This may include the cost of downtime, as well as the cost of lost business opportunities. It may also cover the cost of necessary cybersecurity consultants, or legal services.
What cybersecurity insurance won’t cover are indirect costs. These may include:
- Class action lawsuits from angry customers
- Lasting damage to the brand
- Having to replace an executive
According to IBM, the average cost of a data breach is now $4 million. About 59 percent of this figure is comprised of direct costs. The other 41 percent is made up of indirect costs.
So, should your business purchase cybersecurity insurance? It’s a complicated question, and one that would require taking a close look at your business’s situation.
We can advise you, though, to dig into your own data and try to estimate its value before you start consulting with insurance companies. First, figure out what information you are holding. Then, consult with a trusted source—or multiple sources—so that you don’t blindly enter the cybersecurity insurance market.
Next, you should look to protect your data. After all, the best way to deal with a data breach is to try and prevent one from happening in the first place. It's not always possible to prevent a breach, but it's important to try.
There are simple steps you can take to reduce the likelihood of a data breach. The easiest one, by far, is to consult with a third party managed services provider like Apex Technology Services. Apex will conduct a top-down assessment of your digital assets, and then provide a sound strategy for protecting them.
A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.
In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.