Summer 2013

If you have any questions about our resources or any topics related to Experian Data Breach Resolution, please contact us at databreachinfo@experian.com or call 1 866 751 1323 .

Cyber Insurance: Do the Benefits Outweigh the Costs?

If you feel a rumble beneath the ground, it might not be an earthquake. It might just be the cyber insurance boom getting ready to explode.

Cyber insurance policies, which totaled approximately $1.3 billion in annual premiums 1 last year, are expected to increase substantially by the end of the decade. In fact, 57% of the respondents in a new study, who currently dont have cyber insurance, plan to purchase it in the next few years. 2

The biggest factor fueling the growth is the huge increase in data breaches and the high costs associated with them. Organizations spend an average of $9.4 million on one or more security incidents, according to the same study, which was just released by the Ponemon Institute in August. 3 And, the studys respondents expect those costs to rise to $163 million. 4

The shock of a data breach or security infiltration usually prompts companies to invest in better technology to try to prevent another incident from happening in the future. Many companies also increase employee training and awareness, as numerous breaches occur because of negligence.

But as breaches become more prominent and widespread, theyre being viewed as major business risks that should be handled by risk managers instead of technical problems handled by the IT staff. And risk managers, who oversee insurance anyway, have spurred a greater interest in cyber insurance.

If your organization is contemplating cyber insurance, here are five objectives to consider:

1) What the Policy Covers

Most cyber policies cover the replacement of lost or damaged equipment, forensic and investigative costs, along with legal expenses and crisis management. They also usually cover breach response costs, such as notifying the breached victims and providing them with credit monitoring. Whats not usually covered are reputation damage and revenue losses probably because these losses are difficult to quantify. Fines and penalties are sometimes covered, depending on the specifics of the policy.

2) Benefits Verses Costs

Although each quote will be different depending on your needs and your organization, Ponemon found that most insureds thought their premiums were fair. About 62 percent of the respondents said their premiums were reasonable given the nature of the risk. And 61 percent believe their premiums will stay the same in the near future. 5

Many cyber security experts now equate breaches and cyber threats to natural disasters like Hurricane Sandy, which devastated parts of New Jersey and New York last year. In other words, you never know when one will hit but if youre not prepared, the losses can be devastating. In the Ponemon study, 76 percent of the respondents believe cyber security risks are equal or greater than some of the more common insurable risks like fires, earthquakes and other natural disasters. 6

4) Your Security Posture

Many organizations find that their security posture improves with the purchase of cyber insurance, not just because of the financial protection of the policy, but because of the requirements of purchasing it. 7 Often insurers require assessments and other steps to improve safety before a policy is issued. In addition, some insurers offer value-added services, such as assistance with breach response plans, network penetration testing and information portals. All of these services can help organizations be better prepared for a data breach or security exploit.

5) Word on the Street

Of course its a good idea to find out what others are saying about a product before you buy it.

While cyber insurance is still fairly new, those organizations that have purchased it seem to be satisfied, according to Ponemon. About 74 percent of the studys respondents rated their insurance companies as excellent or very good when responding to a claim. 8

You Be the Judge

Cyber insurance, like many insurance products, will vary based on your organizations needs and the insurer who provides it to you. If you do decide to purchase it, be sure to do your due diligence and work with a reputable insurer. But it may help to know that many organizations are glad they purchased cyber insurance and many more plan to purchase it in the future, according to the Ponemon study.

To learn more, download the complete Ponemon Cyber Insurance study here

1 The Betterley Report Cyber/Privacy Insurance Market Survey, 2013

2-8 Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age, Ponemon Institute, August 2013