Fri, Aug 22, 2014
Although cyber insurance coverage has been offered since the mid-1990s, it hasn’t always been top of mind for most organizations until recently, that is. Not only are the frequency and complexity of cyber security pitfalls growing, so too are the price tags. Consequently, having a thoughtfully considered cyber liability insurance policy is a critical aspect of an organization’s incident preparedness and response plans. The triggers for these policies can be wide-ranging, so it is helpful for your organization to consider ahead of time the types of data security events commonly seen today and to understand how your policy will respond should your organization face such events.
Criminals taking valuable company assets hostage for financial gain is certainly not a new concept. What has changed, however, is how this has evolved to include cyber extortion threats such as infecting systems with malicious codes; maliciously altering or damaging data assets or interrupting computer systems. Insurance policies addressing cyber extortion, in its most basic form, originated from the need to provide coverage for payments made to perpetrators threatening to attack insureds’ computer systems or data assets. However, because it is an evolving threat, it is helpful to consider exactly what aspects of responding to these events are covered. Does your policy cover the payment or other valuables demanded by a cyber-criminal? Who determines what actual “ransom” is paid? Does it extend to engaging cyber investigators to investigate, terminate and help respond to a threat? Does it extend further to engage security specialists to implement tools to prevent future attacks? How about the cost of negotiators?
Your best defense against cyber extortion is to know your policy and the appropriate parties to engage for resolution
The costs affiliated with being offline or unable to conduct business as a result of a cyber extortion event are difficult to quantify, and the value assigned to the intellectual property or otherwise sensitive data affected by the event can be difficult to prove. Your broker and insurance carrier can help you maximize the effectiveness of cyber coverage by leveraging their relationships with trusted and efficient incident response partners. Considering how this type of attack could affect your organization and engaging an incident response partner now, before a cyber extortion event occurs, can enable you to respond quickly following an attack to minimize your downtime and exposure.
The development of sophisticated and comprehensive insurance products continues to keep pace with the types of cyber threats affecting all businesses today – regardless of sector or revenue size. Leveraging cyber insurance and the incident response resources made available through your policy is an effective way to mitigate how much of an impact a cyber attack will have on your organization’s operations, finances, and reputation
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.