What is Cyber Insurance?

We write a lot on this blog about how personal cybersecurity comes down to convenience versus risk, but for companies in certain sectors it can be more a question of liability and compliance. Not only can you insure your company against the risks of operating a network that stores proprietary information or stores the personal data of your customers or users, but now you can even insure yourself with personal cyber insurance. In today’s blog post, we’ll examine the ins and outs of cyber insurance from personal cyber insurance, to what your MSP can do to meet compliance standards and get the best value out of your cyber insurance.

Who Needs Cyber Insurance?

Personal cyber insurance is a relatively new kind of insurance that can cover data breaches and ransomware attacks on your personal devices. It is typically an add-on to your homeowner’s insurance and is modestly priced; State Farm offers coverage for $25 per year, while other insurers have modest deductibles for reasonable coverage. While the numbers are pretty fuzzy on how much a hack can cost an individual on average, it’s certainly worth considering at $25 per year, especially since it often covers online fraud and even cyberbullying.

For companies, if you are trying to insure your network infrastructure and proprietary information, your general liability insurance may include “data breach insurance.” If your general liability policy doesn’t include it, you may need to add a cyber policy that can cover data breaches, including investigation costs, credit monitoring services for affected customers, and expenses related to the disruption of your business or loss of value related to a data breach.

“Third-party cyber insurance” policies are ones that cover things like litigation and arbitration after a data breach, but for a third party (not the victim of a breach). Despite being written about extensively on the internet, these policies are mostly intended for software and IT professionals who are responsible for their clients’ software and security. Instead, a general liability policy probably offers the types of protections that most businesses need covered, including the ones already mentioned, plus accidental loss of data, or a fire in the server room.

Compliance, Insurance, and your Managed Services Provider

For a small or medium business, cyber insurance is a great way to protect the company from small disasters, but procuring it also means undergoing an assessment of cyber risk to accurately value your infrastructure and the value of your data. Depending on what kind of data you work with, insurers could ask that you follow guidelines similar to the compliance guidelines that companies adhere to from NIST, the National Institute of Standards and Technology. Being insured and meeting compliance standards could go hand-in-hand for some situations and sectors as well.

If your company works in the defense industry in any capacity, then you probably already know that the landscape of federal standards for compliance is changing, moving from NIST 800 series to CMMC compliance rules. Along with these changes comes further reaching changes to the standards for third-party compliance audits, including their intersection with cyber insurance underwriting. As John Farley, managing director of Cyber Practice, wrote here, compliance with CMMC could lead to better cyber insurance rates, expanded coverage, and a more efficient application process for policies.

As your managed services provider, Crown Computers can help you deploy network and data solutions that don’t just get you into compliance with new standards, but give you all of the security and flexibility you need to keep your operations smooth and your data safe. Crown Computers can work with your company to keep a finger on the pulse of changing compliance practices and provide you with top-notch security solutions that go above and beyond the bare minimum for compliance. This, in turn, can help you get the best value out of your company’s cyber insurance.

-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team