Cyber security is a growing issue in today’s world and the targeting of small and medium size businesses (SMBs) is a major concern in 2016. However, most SMBs aren’t aware of the risks and how to protect themselves. This is where cyber insurance (CI), when used correctly, may be able to help.
CI is a rapidly maturing market that I expect to be one of the biggest drivers of corporate security programs over the coming years – more about that in my next blog. According to a recent study by consulting firm PwC, the cyber insurance market looks to triple to about $7.5 billion over the course of the next five years. The CI market is very fragmented, leaving a lot of different options in coverage. Large companies have been mitigating their risks for some time and now could be the ideal time for SMBs to take advantage of the of the immature marketplace before the options become more limited.
There are insurance providers currently offering coverage targeted toward SMBs, a more recent direction for CI. So how does one determine the type of protection needed?
Here are a few things to think about before looking for coverage:
- Know the data assets you’re looking to have covered and what needs to be insured.
- Understand what your potential coverage includes, and do not pay for services that are not required. Did you know some things may already be covered under your GL, PL or E&O?
- Pay close attention to the exclusions.
- Understand the differences between first (what covers you) and third party coverage (what covers your clients).
REMEMBER: If your company has no way of detecting a breach then how will you know when to make a claim? In almost all cases for SMB’s, we will end up recommending outsourcing this to a third party. Waiting until someone else tells you: “you’ve been compromised”, isn’t the ideal intrusion detection system.
CI can be a great way to mitigate some of the risks caused by a breach. Incident response, forensics, legal advice, etc. are all very costly and with cyber insurance available from just $1000 per annum, it’s a worthwhile consideration as part of a security program. CI is a growing market and much like the wild west, there aren’t many rules yet. With that in mind, if investing in cyber insurance sounds like something of interest, now may be the best time to act.
Tiro Security is a specialist staffing and professional services firm that focuses on helping SMBs inexpensively improve their security posture and lower their premiums. If you would like more information, please feel free to connect with me.
DISCLAIMER: I, Kris Rides, am not an insurance broker and all of the above are my personal views on the current CI market. With the market still developing, I would recommend picking a great broker who knows the ins and outs of the plans they offer. I have a great contact and am happy to share it. PM through LinkedIn or via e-mail and I will connect you.