Insurance can be purchased for just about any risk, real or imagined. If someone wants to buy insurance for a pet, or even in case of alien abduction, there are insurance policies for it. It is not much of a stretch for a business to take out a policy for the undeniable -- and potentially expensive -- risks that stem from data security threats.
When it comes to the available cybersecurity insurance coverage types on the market, options are plentiful. First, the business needs to decide whether the liability policy only covers the risk of cybersecurity attacks that target the business directly or whether coverage should extend to third parties with which the business interacts. The latter cybersecurity insurance coverage option would cover not only the data governed by the company alone, but also an attack that threatened an organization's customer data while it was in the care of third-party business partners.
Cybersecurity insurance coverage options
While every insurance company packages its cybersecurity policies differently, most policy options can be broken down into three core categories.
First -- and likely the most popular -- is protection against data theft. The data being protected could be in the form of intellectual property, employee data or customers' personally identifiable information.
The second type of cybersecurity insurance coverage is credit recovery protections for businesses required to defend customers' financial information from theft. Many of these policies will also cover any regulatory fines incurred as a result of the data theft.
The third type of cybersecurity insurance coverage on the market covers other malicious activities, including damages from a virus, denial-of-service attack or other disruption of technology operations.
When deciding among the three cybersecurity insurance coverage options, there are a couple of things to keep in mind. Consider that almost all general business liability policies exclude cybersecurity threats. Unless a business has an explicit cybersecurity policy, that business is not covered when a breach or online attack occurs.
Also, just because an organization has cybersecurity insurance coverage does not mean it can stop caring about cybersecurity protections. If the insurance company determines that the organization did not faithfully try to meet a level of security for its data and services, the business may still be on the hook for any costs when security incidents happen. Thus, consider cybersecurity insurance as just another layer of risk mitigation in an overall IT security plan.