Smaller companies increasingly are the subject of data breaches and those smaller companies “are the number-one target of cyber-espionage attackers,” according to a recent study detailed in a April 24, 2013 CFO.com article entitled “Should You Consider Cyber Insurance?” (here). Smaller companies increasingly are the subject of cyber attacks due to “inadequate security infrastructure for protecting financial information, customer data and intellectual property.”
As the cyber threats “become more pervasive,” smaller businesses are “taking out insurance policies designed to bolster their protection form the potentially crippling costs that can accompany data breaches and other cyber attacks.” Take up for this product is, according to the article, particularly strong for companies in the high-technology, financial services and health-care industries. As the article explains, these policies may be particularly valuable for smaller companies that lack the resources to undertake as robust of a preventive program as a larger company might.
As the article explains, the policies provide both first-party coverage (such as notification costs) and also protect against third party liability claims (such as lawsuits for damages). In a serious incident, this insurance protection, according to one commentator quoted in the article “can sometimes be a life-or-death issue for smaller companies.” The policies also cover forensic IT examinations to determine how a breach occurred and some policies even provide for public relations services to mitigate negative publicity. Again, these services could be particularly valuable for a smaller company that may not have sufficient crisis management resources available.
This type of insurance is of course no substitute for proactive cybersecurity risk management, “such as sound data-protection protocols and employee education.” In any event, as part of the application process, the insurance company will want reassurance that these kinds of efforts and protocols are in place. The insurance provides company owners and managers reassurance that the company will be able to weather the storm if problems do emerge.
According to the article, as news about cyber breaches become increasingly common, more and more companies will conclude that the cost-benefit analysis weighs in favor or purchasing this type of insurance.