Cyber threats pose a major danger to every organization, regardless of the size and status of the business. Individuals, SMBs, and enterprises develop and improve their cybersecurity to counter potential threats efficiently. However, hackers always have the first-strike advantage. So, for an organization, an attack causing a data breach or IT system disaster is a matter of when, not if.
Cybersecurity insurance is a tool to mitigate security breach consequences for an organization. In this post, we at ANY.RUN decided to find out what cyber insurance is, what it does and doesn’t cover, who needs to develop appropriate policies, and why.
What is cybersecurity insurance?
Cyber insurance (cyber attack insurance, cybersecurity insurance, cyber-liability insurance) is one of the insurance policies that protect organizations from hacking attempts, ransomware attacks, and other cyber threats. It serves to avoid or mitigate the disruption of workflows during an attack and the consequences that follow. The potential coverage of financial expenses connected with the site recovery can also be included.
Speaking formally, cybersecurity insurance is a contract that an organization concludes with an insurer about protection from IT-related issues. Those issues can be connected with computers, internal and external networks, and software.
Who needs cybersecurity insurance?
In short, every contemporary organization would receive multiple benefits from getting cyber insurance. The reason is that any functioning SMB or enterprise should be present online. That online presence requires IT attributes such as a website, a network, and a digital environment, including various software and hardware solutions.
Organizations store, transfer, and process such data as the personal information of clients or staff members, intellectual property objects, financial reports, contracts, and other documents. That data can be interesting for hackers to get and use.
The organization’s IT infrastructure can also become a ransomware attack’s target. Apart from backup ransomware protection software, a cyber insurance policy can bring helpful resources for an organization to recover from a digital disaster after most successful attacks.
What attacks can be a claim reason?
The list of issues triggering cyber insurance can include:
- Malware incidents
- Fund-transfer fraud attempts
- Business email compromise (BEC) issues
- Ransomware attack cases
Contract conditions may also include other IT-related problems that an organization risks facing. Those can be connected with the company’s website, software, network performance, original data, and backups. In short, everything depends on the agreement between an organization and an insurer.
What is included in cyber insurance coverage?
The contract is what defines the fields and incidents covered by insurance. But there is a common point in the cyber insurance market. Cyber insurance focuses on compensating expenses following a successful cyber attack on an organization’s IT environment or subsystems. With that in mind, the policies of cyber insurance can cover:
- Data recovery
- Incident investigation
- Legal defense expenses
- Customer reparation payments
Note: Though paying ransom to hackers is not recommended by government officials worldwide, an organization’s cybersecurity insurance contract may provide for covering that sum as well.
What does cyber insurance not cover?
When speaking of cyber insurance as a relatively new and developing market niche, the covered areas remain pretty limited regarding the associated cyber risks. Cyber insurance may not cover particular aspects of cyber incidents that are critical for an organization. Understanding what is not covered, in this case, is as vital as getting that insurance contract for what can be insured. The proper understanding of coverage limitations can help organizations correctly plan and implement the cybersecurity strategy to protect assets that are not insured.
For example, when an organization loses intellectual property or sensitive client data after a cyberattack, no insurance can cover the cost of that property’s development and financial and reputational losses potentially following a data loss disaster.
In other words, cyber insurance can help an organization deal with the financial expenses directly caused by the attack but not the total price of rebuilding cybersecurity systems. Neither does cyber insurance cover damage to brand reputation or possible client-base-related losses.
Major cyber risks and cyber insurance
Sometimes, cyberattacks are not limited to a single organization but cause disruptions globally. According to Munich Re’s Survey 2022, 86% out of 17 thousand participants claimed that their companies are not protected enough against cyber risks like ransomware, supply chain, and critical infrastructures.
For instance, ransomware attacks successfully breached the cybersecurity of major organizations worldwide, causing multi-billion dollar losses.
Largest ransomware cases in 2021
|Organization|Amount|
|---|---|
|Colonial Pipeline|$4.5m – ransom paid|
|JBS USA|$11m – ransom paid|
|CNA Financial|$40m – ransom paid|
|Kaseya|$70m – ransom demand|
|HSE Ireland|$600m – overall damage|
As the situation with those global ransomware disruptions shows, the cyber insurance market is evolving and facing challenges. Clients think insurance providers can and should cover such cases as common issues. In turn, providers may reasonably believe that the state-sponsored digital catastrophe spread across numerous clients is a force-majeure type of incident. For now, no standard practice regarding global disasters has been developed among insurance companies and legal authorities.
Cyber insurance is a policy to help organizations deal with the aftermath of IT-related troubles such as ransomware attacks, fraudulent transfers, and data loss. Insurance is not a panacea, and organizations’ leaders should not view it as a replacement for cybersecurity and data protection solutions. The most effective approach, and the one that can bring the most resilience to the organization, is the combination of cyber attack insurance and reliable security measures. For example, understanding attacks and properly analyzing malware and network traffic in the ANY.RUN sandbox can provide robust defense in the future.
When considering your policies, keep in mind that the cyber insurance market is evolving together with the related risks. For instance, not every contract can guarantee insurance coverage for your organization in case of a global state-sponsored cyberattack. Clarify contract conditions thoroughly and never neglect standard cybersecurity and data protection policies.