The Department of Homeland Security (DHS) defines cybersecurity insurance [1] as guaranteed coverage for a variety of cyber incidents. This topic can go pretty deep, but this post will briefly cover cybersecurity insurance basics.

The types of cyber incidents this specialty insurance helps to mitigate include data breaches, network damage, and overall business interruption.

Exposure in these areas will mostly come from the following:

  • Affected group notification
  • Compensation for real damages
  • Cost of forensic investigations
  • Credit monitoring
  • Damage to digital assets
  • Harm to reputation
  • Legal counsel and defense
  • Loss of revenue due to business interruption
  • Potential regulatory fines
  • Public relations handling

Although the points above aren't listed in response order, you can see how a cyber incident can quickly spiral out of control.

Terms Defined

Data Breach: defined as an incident in which non-public data has potentially been viewed, used, or stolen by an unauthorized individual. Non-public data involved can refer to any sensitive, confidential or protected data. Protected data can include personal health information (PHI), personally identifiable information (PII), credit card data (PCI), or criminal justice information (CJI).

Example cost: Credit monitoring at $14.99/month per account x 1500 employees x 12 months = $269,820/year.

Network Damage: broadly covers any damage incurred by malware including viruses, worms, trojans, and bots.

Example cost: Average cost of legal defense per breach: $582,000 [2].

Business Interruption: refers to coverage that replaces business income lost as a result of an event that interrupts the operations of a business.

Example cost: Web server down: $25,000/day.

How important do you view cyber insurance?

Resources
[1] Cybersecurity Insurance Publication at DHS
[2] Network-based attacks: How much can they cost you? at SC Magazine
