photon_photo - stock.adobe.com
Insurance can be purchased for just about any real -- or imagined -- risk one can imagine. If someone wants to buy insurance for a pet, or even in case of alien abduction, there are insurance policies for it. It is not much of a stretch for a business to take out a policy for the undeniable -- and potentially expensive -- risks that stem from data security threats.
When it comes to the available cybersecurity insurance coverage types on the market, options are plentiful. First, the business needs to decide whether the liability policy only covers the risk of cybersecurity attacks that target the business directly or whether coverage should extend to third parties with which the business interacts. The latter cybersecurity insurance coverage option would cover not only the data governed by the company alone, but also an attack that threatened an organization's customer data while it was in the care of third-party business partners.
Cybersecurity insurance coverage options
While every insurance company packages its cybersecurity policies differently, most policy options can be broken down into three core categories.
First -- and likely the most popular -- is protection against data theft. The data being protected could be in the form of intellectual property, employee data or customers' personally identifiable information.
The second type of cybersecurity insurance coverage is credit recovery protections for businesses required to defend customers' financial information from theft. Many of these policies will also cover any regulatory fines incurred as a result of the data theft.
The third cybersecurity insurance coverage options on the market cover other malicious activities, including damages from a virus, denial-of-service attack or other disruption of technology operations.
When deciding among the three cybersecurity insurance coverage options, there are a couple things to keep in mind. Consider that almost all general business liability policies exclude cybersecurity threats. Unless a business has an explicit cybersecurity policy, that business is not covered when a breach or online attack occurs.
Also, just because an organization has cybersecurity insurance coverage does not mean it can stop caring about cybersecurity protections. If the insurance company determines that the organization did not faithfully try to meet a level of security for its data and services, the business may still be on the hook for any costs when security incidents happen. Thus, consider cybersecurity insurance as just another layer of risk mitigation in an overall IT security plan.
Dig Deeper on Data security strategies and governance
Related Q&A from Andrew Froehlich
One difference between managed and unmanaged switches is complexity. A managed switch is more complex and requires more skills, but it offers better ... Continue Reading
Variables such as third-party business partners create unique cyberthreats for organizations. Find out when a cybersecurity insurance policy is a ... Continue Reading
To vet potential cybersecurity insurance providers, there are a few questions every customer should ask. Learn more about the questions to ask and ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.