photon_photo - stock.adobe.com
Insurance can be purchased for just about any real -- or imagined -- risk one can imagine. If someone wants to buy insurance for a pet, or even in case of alien abduction, there are insurance policies for it. It is not much of a stretch for a business to take out a policy for the undeniable -- and potentially expensive -- risks that stem from data security threats.
When it comes to the available cybersecurity insurance coverage types on the market, options are plentiful. First, the business needs to decide whether the liability policy only covers the risk of cybersecurity attacks that target the business directly or whether coverage should extend to third parties with which the business interacts. The latter cybersecurity insurance coverage option would cover not only the data governed by the company alone, but also an attack that threatened an organization's customer data while it was in the care of third-party business partners.
Cybersecurity insurance coverage options
While every insurance company packages its cybersecurity policies differently, most policy options can be broken down into three core categories.
First -- and likely the most popular -- is protection against data theft. The data being protected could be in the form of intellectual property, employee data or customers' personally identifiable information.
The second type of cybersecurity insurance coverage is credit recovery protections for businesses required to defend customers' financial information from theft. Many of these policies will also cover any regulatory fines incurred as a result of the data theft.
The third cybersecurity insurance coverage options on the market cover other malicious activities, including damages from a virus, denial-of-service attack or other disruption of technology operations.
When deciding among the three cybersecurity insurance coverage options, there are a couple things to keep in mind. Consider that almost all general business liability policies exclude cybersecurity threats. Unless a business has an explicit cybersecurity policy, that business is not covered when a breach or online attack occurs.
Also, just because an organization has cybersecurity insurance coverage does not mean it can stop caring about cybersecurity protections. If the insurance company determines that the organization did not faithfully try to meet a level of security for its data and services, the business may still be on the hook for any costs when security incidents happen. Thus, consider cybersecurity insurance as just another layer of risk mitigation in an overall IT security plan.
Dig Deeper on Data security strategies and governance
Related Q&A from Andrew Froehlich
Even though they have common traits, there is a difference between a Layer 3 switch and a router. Each plays a key role in making sure packets get ... Continue Reading
Unified communications interoperability is gaining more attention as more employees work from home. But, while some progress is being made, there is ... Continue Reading
Andrew Froehlich breaks down how authentication and identity management differ and how each of them are intrinsic to an identity and access ... Continue Reading