Could You Survive a Cyberattack?
Generally, cyberinsurance is divided into two types of coverage--first party and third party. First-party coverage insures businesses against the costs they may face in the event they are hacked. That means it will pay the policyholder for the material costs of a break-in, some legal fees, and fees for forensic analysis, which is used to determine the nature and extent of the break-in.
Third-party coverage is for the liability related to a breach in security or privacy. This includes the lawsuits that may result if customer data is leaked via a security breach, malware, virus, or other negligence on the part of the company.
The cost of cyberinsurance varies depending on the size of your business and the industry you are in, as well as the amount and type of information your business stores. "A key metric to look at is the type of business you are in and how much personal information you have in your care, custody, and control," says David Beyer, managing member of Digital Risk Resources, a Novato, California, company that develops cyberinsurance products for insurance companies. Beyer says, "If there are lots of employees and lots of information, the greater the exposure is."
Of course, all businesses have an obligation to protect customer data, but businesses such as restaurants and retailers may require less coverage than do financial institutions and medical companies, which have reams of data about their customers and stricter privacy laws to follow.
Coverage typically comes in preset amounts determined by the insurance carrier. You should expect to pay less than $150 annually for about $25,000 worth of coverage. For multimillion-dollar coverage, the annual premium can be thousands of dollars.
By the Numbers
In 2011, there were more than 414 reported cybersecurity breaches that exposed roughly 23 million confidential records. Here's a look at some of the costs that occur when privacy is lost.
Average total cost of a security breach: $3.7 million
Average cost of a legal defense: $582,000
Average legal settlement: $2.1 million
**
Which industries are affected most by cybersecurity lawsuits?
Financial services: 26 percent
Health care: 20 percent
Retail: 10 percent
Source: Netdiligence
