Wooden Spoon: Blog

Everything You Need to Know About Modern Cybersecurity – Cybersecurity Insurance

Everything You Need to Know About Modern Cybersecurity – Cybersecurity Insurance

Every business, from a small startup to a large multinational corporation, knows cybersecurity’s importance. One minor breach can lead to closing your doors forever. Even if sensitive information isn’t stolen, a hack still sends a message to your customers and business partners: your security wasn’t up to par. Never mind that even companies such as Microsoft and LastPass, two businesses with incredibly strong cybersecurity measures, have been hacked. People are still likely to lose some trust in you, which results in losing money.

Wouldn’t it be great if there were some safety net to help you mitigate the damage from a cyberattack? Fortunately, there is, although many people don’t realize it exists. Cybersecurity insurance, like auto or homeowners’ insurance, does exist, and it can help absorb some of the costs associated with a breach. Let’s look at cybersecurity insurance and whether it should be on your must-have list.

How Does Cybersecurity Insurance Work?

When you’re the victim of a cyberattack, your cybersecurity insurance will kick in. Just like with an auto policy, you make a claim when a covered event occurs. The insurance company then provides payment based on the coverage you have. This will help protect your company from the financial losses that are likely to occur from the cyberattack. You may receive payment to help you upgrade your security, investigate the cause of the breach, provide refunds or credits to any affected customers, and more.

Like most policies, there are many types of cybersecurity insurance. Some basic policies cover some simple situations and add-on policies provide more specific coverage. Some policies only protect you, while others extend to cover third parties who have access to or store your data. For example, some policies cover data stored on a server owned and operated by another company.

Cybersecurity insurance is designed to cover areas that your commercial liability insurance and other insurance products don’t. This includes costs associated with data breaches, cyber-attacks that originate within and without the U.S., and terrorist acts. Your policy may also include funds for legal counsel, data recovery or replacement, any income lost due to the breach, extortion protection, and even cost recovery for any fines or fees you were required to pay due to the attack.

Insurance Doesn’t Fully Protect You

One thing to note is that cybersecurity insurance will help you avoid going bankrupt or spending a lot of money on a single instance, but it won’t fully shield you from the fallout of a data breach. While it may cover loss of income if you have to shut down your business for several days or weeks while you recover, it can’t do anything to protect your reputation. Once word gets out that you were hacked, and it will—you’re required to notify any customer who may have had their data accessed—your reputation is going to take a hit.

How big a hit you take depends on how you responded to the attack and what was stolen. If a minor breach resulted in no data loss and you responded quickly to block the attacker, you may actually get applauded for your response. On the other hand, if customer data is stolen, passwords are compromised, or other information is accessed, it can be disastrous. You may lose customers and business partners, and the deals you were negotiating may fall through. It can take months or even years to recover from this breach.

Cybersecurity insurance doesn’t pay for such fallout. If your revenue continues to drop after a breach, it’s not something you can seek compensation for. Even if you have insurance, it’s possible for the damage to be so great that you do eventually have to shut your doors.

Policy Exclusions

Like other types of insurance policies, there are often exclusions listed in cybersecurity policies. These exclusions typically state that any security breach that occurred due to your own negligence or failure to enact reasonable security measures are not covered. This means you can’t swap out your cybersecurity team for an insurance policy. If it can be proven that you failed to install security upgrades, patches, and virus scanners, your insurance company likely won’t pay out. Many also exclude pre-existing vulnerabilities or things related to security breaches that occurred prior to purchasing the policy.

What Companies Offer Cybersecurity Insurance?What Companies Offer Cybersecurity Insurance?

Insurance companies that provide a variety of commercial insurance policies, such as business liability insurance, commercial property insurance, and errors & omissions (E&O) policies, may provide cybersecurity insurance. In fact, cybersecurity policies actually started as a type of E&O insurance, and those policies helped protect businesses against defects or other issues with products. While cybersecurity insurance is still fairly new, more and more insurance companies are beginning to offer these policies. Check with your current commercial insurance carrier to see if they offer this type of policy if you’re interested in learning more about what cybersecurity insurance could do for you.

Combine Cybersecurity Insurance with an MSP

As a managed services provider, Wooden Spoon doesn’t offer cybersecurity insurance. However, we do offer solutions to help prevent attacks and data breaches. Think of us and cybersecurity insurance as a shield and suit of armor. We’ll shield you from cyberattacks to the best of our ability, but if anything ever does happen, you know you’ve got the armor of an insurance policy to protect your budget.

We take steps to protect your network and your data, which in turn protects your reputation. In this way, working with a managed services provider provides protection that an insurance policy doesn’t. We protect your reputation by reducing the risk of a severe data breach. Our proactive network monitoring, for example, often detects accounts acting erratically or attempting to access information the user does not need. We can temporarily lock down that account until a security check is done. If that was a hacked account, we saved your data and reputation.

We Fill in the Gaps in Your Cybersecurity Policy

Even if you do have a cybersecurity policy, be certain to note the exclusions. There may be more of them than you expected, but don’t worry. Wooden Spoon’s plans often address the areas that policies exclude. We will make certain all of the necessary patches and updates are installed. Our team will do an audit of your network and note areas that are vulnerable. We will then work with you to create a plan to shore up those areas. This will help you avoid any situations in which an insurance company could say you were negligent or didn’t do everything you should have to reasonably protect your data.

Another area where Wooden Spoon can help is compliance. We will make certain your security meets or exceeds the requirements of your industry. This is another area where cybersecurity policies likely will include exclusions. If you’re found to have been non-compliant with your industry’s security requirements when a breach occurred, your insurance may not pay anything. During our initial cybersecurity audit, we will note any areas where you aren’t compliant and create a plan to align you with the correct regulations. We also monitor compliance regulations and will upgrade your security as regulations change.

You Can Lower Your Cybersecurity Insurance Rates

Many small businesses don’t purchase cybersecurity insurance because the rates are simply out of their budget. However, you can lower the costs by addressing many of the issues that affect policy premiums. Insurance companies want to know that you’re not a major risk. If you are, they know they’re more likely to have to pay out at some point, so they increase your premiums to help cover that loss. The more secure you are, the less risk the insurance company will be taking.

After addressing a few of your risks, you may be surprised when the insurance company offers you a lower premium or better coverage. You always have the option of shopping around, too; just like with auto or home insurance, you may find a company that offers more coverage for less.

Partner with Wooden Spoon Today to Secure Your Data and Lower Your Risk of Attacks

While cybersecurity insurance is a good investment for you, it’s also something you never want to use. When we partner with a business, we do require them to carry cybersecurity insurance that covers costs associated with responding to a cyberattack or data breach. However, our goal is to prevent as many cyberattacks and data breaches as possible. If a breach does occur, we respond as quickly as possible to minimize the damage done. Wooden Spoon is here for you if you need us to take on most of your IT needs or want to augment your in-house IT team. Contact us today to learn more.


Zach Mesel

Zach Mesel

Technology is in Zach’s blood. Zach spent much of his youth in his father’s cardiac research labs, either as a test subject for his father’s research, or playing games with his older brother on mainframe computers. Zach earned his BS in Management Information Systems in 1988 from the University of Arizona, and then worked for IBM in Boulder, Colorado, and Palo Alto, California until 1995. He started Wooden Spoon in 2002.