When moving from Cyber Security thinking to Cyber Resilience, the very first change in thought process is that we accept that our security mechanisms / defense strategies will fail; in simple words, a cyber security breach will happen. When it does, how soon and how smoothly can you recover?
Depending on the severity of the breach / incident, there can be multiple effects: an investigation is required, the security issue has to be fixed, public alerts, a court case, settling losses to customers, etc. Most of the effects of a security breach, and the consequent actions to be taken, boil down to financial stress (directly or indirectly).
Cyber Insurance is one step towards Resilience, more specifically Cyber / IT Resilience in such scenarios.
What is Cyber Insurance?
It's an insurance product tailored to protect your business from cyber crime and data breaches. This isn't a new offering; it's been around prior to 2010. In the recent couple of years, due to the rise of cyber crimes, data breaches and security incidents, Cyber Insurance is now
We still do not have standard underwriting for Cyber Insurance, but in general most insurers cater to the areas below.
- Credit Monitoring / Protection Services
- Cost of investigation post breach
- Notifying customers about breach
- PI / Identity Recovery
- Cost associated with damage / contesting Intellectual Property
- Ransom Payments
- Data Restoration costs
- Legal / Lawsuit Expenses
- Fines and any loss incurred due to exposure / loss of customer data
This is just a consolidated summary of coverage areas. The cyber threat landscape is changing every day; more threats and different techniques arise.
How is it different from the general insurance policy / business insurance?
General Insurance or Business Insurance may cover risk to your property, service, assets. For example, a fire in your building, a loss of your equipment, damage to your infrastructure.
A risk arising due to a cyber crime / breach shall not be covered under normal insurance products.
Data recovery or storage equipment repair might be covered under business insurance in the event of a fire or potential physical damage, whereas data loss / corruption or damage due to a cyber attack shall be covered under Cyber Insurance.
Insurance as a step towards Resiliency
When we talk about Resiliency, the focus is on how soon and how smoothly you can recover. This translates to reduced stress at all levels while recovering back to normal operations. A few areas that get affected by a data/security breach or attack are Financial, Reputational, & Legal loss.
Having an apt cyber insurance policy in place would let you transfer your risk to the insurer by way of capital and expert advice to handle the situation.
A major part of the financial burden is transferred to the insurer, as they may take care of the initial investigation, legal remedies, defensive legal suits, and costs associated with recovery of services. Thereby, during the incident, you could better focus available resources on ongoing operations and other areas in need.
The entire effects of the incident might not be mitigated or complemented by the insurer, but this of course helps the organization with a much more resilient environment in terms of recovery, ensuring appropriate timely resources and expert advice, and limiting the damage to a minimum.