Cyber Liability Insurance
-
Greetings,
I'm trying to get everyone's thoughts on Cyber Insurance. Our accounting controller is asking me about this, and if it is necessary.
I'm not really sure, and too familiar with it. We have a couple different entities... Two are manufacturing companies, and one is a 501c3 which deals with medical and HIPPA.
Just curious what others thoughts and take it on this new form of insurance. Are most starting to carry?
Thanks
-
It is like any other insurance.
What does the premium help you recover from?
Auto Insurance is pretty easy, most understand it. But all Insurance work basically the same way.
-
We do have a policy here that our former CFO set up, not sure if we will keep since he has moved on.
One concern I have on these policies at the moment is the issue surrounding this case :
https://www.insurancejournal.com/news/international/2019/01/11/514553.htm
TL:DR : Company hit by malware; makes claim on cyber insurance policy; is denied because cyber attack was "an act of war" on the part of the perpetrator and thus excluded due to a rider on the policy
-
@JaredBusch said in Cyber Liability Insurance:
What does the premium help you recover from?
They payout for cryptolocker for organizations too stupid/poor to have properly immutable/air-gapped backups.
-
@mmicha said in Cyber Liability Insurance:
Our accounting controller is asking me about this, and if it is necessary.
Unless a customer or government entity demands it, then it is never necessary. If it makes sense for you or not is a business question.
- What does it cost.
- What does it cover.
- What is the risk of a covered thing happening.
- What are the chances of them paying out if the thing covered happens.
Those four questions tell you if it makes sense.
-
@StorageNinja said in Cyber Liability Insurance:
@JaredBusch said in Cyber Liability Insurance:
What does the premium help you recover from?
They payout for cryptolocker for organizations too stupid/poor to have properly immutable/air-gapped backups.
But often have terms that state that if you don't do certain things, like have immutable backups, that you aren't covered.
-
@BraswellJay said in Cyber Liability Insurance:
TL:DR : Company hit by malware; makes claim on cyber insurance policy; is denied because cyber attack was "an act of war" on the part of the perpetrator and thus excluded due to a rider on the policy
Typically there is an exception to nearly every cyber / digital protection policy. The things that aren't covered cover nearly everything. While someone does get a payout, it is extremely rare, and often very costly to pursue.
-
@mmicha said in Cyber Liability Insurance:
Just curious what others thoughts and take it on this new form of insurance. Are most starting to carry?
No, several reasons...
- Insurance for something like this means that smart, secure, backed up companies pay for companies that don't protect themselves. So if you are competent, you get screwed.
- On average, the insurer makes money. That means that on average you don't just pay for the damages that happen, but for their profits on top of them.
- Those that carry insurance are much higher profile targets than those that do not as there is so much more to potentially gain.
- The likelihood of getting paid even when something happens is insanely low.
For the average company, cyber insurance does more harm than good.