Like many cybersecurity and information security experts, you may know that cybersecurity insurance policies are a standard element in an overall cybersecurity protection plan. But what are cybersecurity insurance policies protecting you from?
Glad you asked. Cybersecurity insurance policies are designed to cover costs directly associated with a security breach.
Documenting & investigating a cyber attack
If your organization experiences a security breach, your information security team must engage immediately with legal counsel from your insurance provider’s approved vendor list to determine the exact next steps. As a best practice, before a security incident occurs, have a discussion and engagement letter in place with breach counsel. The costs incurred from this outside counsel would be covered under your policy.
Data recovery & hardware repairs
In a cyber incident, your organization should recover data and repair hardware through a digital forensics firm from your insurance provider’s approved vendor list. The costs your organization incurs from the digital forensics firm would be covered under your policy.
Notifying consumers & regulatory agencies of a cyber incident
If customer data was included in a security breach, you must notify your customers and relevant regulatory agencies, like the CFPB. In some instances, your organization might be required to set up continuous credit monitoring through Experian or Equifax. Your insurance provider’s preferred vendor list will provide information on the notification process, including contracting with identity monitoring vendors. The cost to set up these monitoring services would be covered under your policy.
Crisis management responses
Reputational damage is a serious consequence of cybersecurity incidents. Many organizations hire a public relations firm to manage public communication and mitigate reputational damage. The costs your organization incurs from the public relations firm would be covered under your policy.
Negotiating ransomware payments is a skill and should be handled by experienced experts. A digital forensics firm from your insurance provider’s approved vendor list would be equipped to handle this activity. Engage that provider to handle this process. The costs your organization incurs from the negotiations firm and the ransomware payments would be covered under your policy.
Cybersecurity insurance policies include two types of coverage: first-party and third-party coverage.
First-party insurance covers the costs incurred or the income lost when managing specific situations as a result of a cyber incident.
- Business interruptions (e.g. business income loss during the interruption period, the shutdown of computer systems to mitigate or avoid loss, or a system failure)
- Contingent business interruptions (e.g. when a security breach affects an outsourced service provider and payment for lost services is necessary)
- Digital asset destruction, data retrieval & system restoration
- Social engineering & cybercrime
- Reputational loss
- Extortion events
- Breach response & remediation expenses
Third-party insurance covers expenses incurred by contracting with external parties responding to a cyber incident. Examples include the following common activities:
- Damages and legal defense expenses due to a security or privacy breach claim
- Regulatory proceedings, fines & penalties
- Media liability, such as defamation, trademark infringement, or invasion of an individual’s right to privacy
- Technology and professional services liability, such as an error that prevents technology products from performing as intended or title infringement with respect to software or computer code