Cybersecurity Insurance

Businesses hold insurance to manage a variety of risks. Cybersecurity insurance or cybersecurity liability insurance is intended to help manage the potential impacts and costs of a cyberattack against a business. By taking out a cybersecurity insurance contract and paying its premium, an organization transfers some of the risks associated with a cyberattack to its insurance provider.


Why Cybersecurity Insurance is Important

Every company can expect to be the target of a cyberattack. These attacks may range from simple, automated attack campaigns carried out by botnets to highly sophisticated and targeted attacks performed by advanced persistent threats (APTs).

With the growth of ransomware, data breaches, and similar threats, the cost of a successful cyberattack on a business can be significant. According to the 2022 Cost of a Data Breach Report by IBM and Ponemon, a data breach costs an average of $4.35 million, an increase of over 12% in just two years. The average ransom paid in a ransomware attack is $812,360, and the average total cost of recovery is $1.4 million.

Cybersecurity insurance is critical because it enables an organization to manage the risk of an attack and stay in business. Like other insurance policies, cybersecurity insurance covers some of the expenses associated with an attack, reducing what the organization needs to pay out of pocket.

Cybersecurity insurance is especially vital for organizations that might incur significant costs or losses as a result of a security incident. For example, a data breach of an organization with access to extremely sensitive information — such as financial or healthcare data — may result in significant regulatory and legal penalties as well as the cost of recovering from the incident and compensating affected parties.

How it Works

Cybersecurity insurance works similarly to other types of business insurance, and it is offered by many of the same providers. A company may be able to take out a cybersecurity insurance policy from the same provider as its business liability, commercial property, and other insurance policies. Companies can take out insurance policies for first-party and third-party coverage, which cover the costs that a security breach causes to the business and to external parties, respectively.

Cyber Insurance Coverages

Like other types of insurance, cybersecurity insurance may only cover some of the costs of a security incident and may only apply to certain types of incidents. Some of the expenses that are commonly covered by cybersecurity insurance include:

  • Cost of remediating and recovering from the incident (repairing systems, restoring data, etc.)
  • Legal fees
  • Notifications to customers regarding the breach
  • Ransom demands from ransomware incidents
  • Restoring the identities of affected customers

The details of what is and is not covered by a policy can depend on the insurance provider and the selected policy. Some providers may cover additional costs, while others may not cover some of these expenses. For example, an insurance provider may not cover extortion demands associated with ransomware attacks.

Cybersecurity insurance providers also often have restrictions on the types of incidents that are covered by a policy. Some examples of incidents that are not covered by insurance include:

  • Security incidents that occurred before the policy started
  • Incidents caused by insider threats, such as employees or contractors
  • Incidents caused by negligence, such as configuration errors or a failure to patch known vulnerabilities
  • Outages caused by events other than a cyberattack (natural disasters, service provider outages, etc.)

Reduce Cyber Insurance Costs with Check Point

Like other businesses, insurers must make money to remain in business, which means total collected premiums must exceed payouts and other expenses. However, the growing frequency and cost of data breaches, ransomware infections, and other cyber threats have made this more difficult to achieve. To maintain profitability, insurers need to either increase the amount of premiums collected or decrease the frequency and cost of insurance payouts.

For this reason, cybersecurity insurance providers are increasingly applying more stringent requirements to businesses seeking a cybersecurity insurance policy. To reduce their premiums or even to be eligible for a policy in the first place, an organization must demonstrate that it has cybersecurity controls, policies, and procedures in place that would reduce the probability and impact of a potential cyberattack.

Check Point can help an organization optimize its security investment with security that is designed to optimize cybersecurity insurance, including the ability to consolidate and streamline security with an Enterprise License Agreement (ELA). To learn about the security gaps that might be increasing your organization’s cybersecurity insurance policy premiums and how to address them, take Check Point’s free Security Checkup.
