Cyberattack Insurance

 As business owners working in a system that revolves around technology and online data, it is becoming essential for businesses to purchase Cyber Insurance. Today, over 50 different carriers provide Cyber Insurance to protect companies against online attacks and the accrued losses. What companies are realizing though is that the insurance is not nearly enough to fully protect the companies, and there are major obstacles for both businesses and insurance. 

      The first major issue both insurance companies and insured companies are facing is that there is not enough historical data to help insurers appropriate an estimate for how much a company would need to be insured for. In the past, many data breaches have either gone unnoticed or were not reported publicly in order to avoid damaged reputation, but that has left insurance companies with very little reliable data. Also, attacks are becoming more and more advanced as time goes on, and so the data that the insurers do have is often outdated and no longer applicable. Past statistics are now almost irrelevant. 

     Last year, the total amount of Cyber Insurance paid was $1.3 Billion. Cyber Insurance numbers are significantly smaller in comparison to that of Property Damage Insurance. Most current insurance plans only cover clean-up costs such as attorney fees, implemented call centers and other steps to help stabilize the company after the breach takes place, but since they cannot estimate how much it would be needed to cover losses, the insurance is limited. Larger corporations are trying to take much more caution and buying millions of dollars’ worth of insurance, hoping to be able to cover any major damages done, but small or medium sized companies are still left with less coverage and greater risk. 

    The second major issue that insurance has almost no ability to fix is the intangible effects a data breach can have on a company. Loss of trust from customers, damage to a brand or company reputation can create far greater losses for a company. Unfortunately, there is no accurate way to estimate what those effects will have on a company. If we look at the case of Target, their brand reputation was seriously injured and many customers no longer trust shopping at their stores. Also, the Cyber Insurance that Target did have cannot fully cover the charges that Target is trying to repay to its customers along with the changes it is trying to make to the company to ensure this type of attack cannot happen again. 

      One tactic that Insurance companies are trying to use in order to better get an idea of an estimate for a company is to hire a hacker and have them find the weak spots in a company’s website in order to get some idea of what their risk would be, but even this is not a completely accurate plan, since cyber criminals are constantly changing their tactics and moving to more advanced technology. Also, with more and more companies joining cloud computing, it is still unsure whether or not this will be safer for companies or create greater risk. In cloud computing, one breach could potentially damage many companies at once, and the new cyber Insurance Industry needs to figure out how to protect these companies as best they can. 

To read more about Cyberattack Insurance, check out the full article from the New York Times.
To learn how TCG can also help insure your company is protected from Cyberattacks, check out our Business Coninuity page and our Systems Management page and see how TCG can provide peace of mind for your business!