What Does Cyber Insurance Not Cover for SMBs? Is It Worth It?

Summary: This brief blog explains what does not get covered by cyber insurance. Also, find out the difference between personal and business cyber insurance coverage. For more personalized information about cyber crime insurance, contact your IT consulting service professionals, GEEK-AID Computer and Network Support, at www.GEEKAID.com for policy review, employee security awareness training and network security documentation needed for cyber insurance qualification.

The unprecedented expansion of remote work and home computer use has spawned a recent and dramatic increase in cybercrime. Many of the consequences of a cyberattack, including monetary loss, damaged reputations, identity theft, third-party lawsuits and more, can be devastating to SMBs and individual users.

The two main categories of cybercrime insurance for businesses are First-Party and Third-Party:

• First-Party Insurance – First-party insurance covers a company against loss of data, cybertheft, DOS attacks and other costs related to hacking:
• Data Recovery – Personal and business data are among your most valued commodities. If it is not within your IT abilities to protect and recover your data yourself, you might have to hire professionals with experience in data recovery methods.
• Fines and Penalties Resulting from a Breach – Fines and penalties may be imposed if your data is breached. First-party insurance should cover those costs.
• Lost Revenue from Slowed or Ceased Business Operations – In the event of a significant data breach, business operations can slow down to a crawl or be interrupted completely. Most plans will cover documentable costs of lost revenue.
• Notifications to Customers – Many cyberattacks impact third parties such as customers and vendors. In the event of a breach, the insurance company can help notify customers of your attack, outlining details and giving instructions on how they can proceed with claims.
• Legal Representation – Depending on the scope of the cyber event, legal costs can add up quickly; therefore, legal representation is an important benefit of cyber security insurance coverage.
• Third-Party Insurance – Third-party insurance covers many other expenses, including:

• Refunds and repayments to customers
• Losses from copyright infringement
• osses related to defamation and reputational damage
• Legal judgments if the company is found to be liable for a cyberattack
• Overall legal and financial settlements
• Accounting expenses
• Some policies include post-incident investigative expenses and follow-up cyber security audits

The main types of cybercrime covered by insurance are:

• Ransom Payments – The financial exposure created by a ransomware attack can be devastating. For individual users and small businesses, it is a scary prospect. Once a cybercriminal has control, they demand a ransom payment to free up your computer system and precious data. Ransoms are often set to double in amount daily if they are not paid. The target might have to pay up if IT professionals cannot unlock and decrypt the data. A good cyber insurance policy can help minimize losses and pay legal fees related to the event.
• Phishing Scams – For individual users, policies can be very helpful for losses related to identity theft and online monetary scams.
• Reputation Attacks – If a user’s identity is stolen, it may be used for criminal acts that damage an individual’s or company’s reputation or lead to lost revenue. A good plan will also cover these costs.

So What Does Cyber Insurance Not Cover?

We all know that insurance companies tend to do everything they can to keep insurance payouts to a minimum. But, in some instances, they have just cause. Here are some of the factors that can lead to cyber insurance claim denials:

• Insufficient Preventative Best Practices – An insurance claim can be denied if the insured party has not been diligent in having cyber security tools and best practices in place or installing robust cyber protections.
• Poor or No Documentation of Preventive Measures – Insurance companies don’t take your word for what you’ve done to prevent cyberattacks. They want up-to-date documentation of your cyber security plan. Updating your cyber security plan should be part of your regular IT maintenance.
• Insurance Policy Exclusions – As the saying goes, “Always read the fine print.” This adage holds true for cyber insurance policies. When evaluating or purchasing cyber insurance, the policy exclusions are as important as the coverage. Ensure that you understand all of the details of what’s not covered.
• Third-Party Weak Links – If an attack is the fault of one of your clients, customers or vendors, then your claim could be denied. Any entity with access to your network must be as conscientious as you are in their own cyber security practices. In this instance, an insurance investigation could drag on your settlement for years.
• Inadequate Documentation of a Cyber Event – Poor documentation of cyberattacks is an easy way out for insurance companies. If you are not techy enough to create thorough documentation, then engaging a professional business IT service would be wise. They can help you prepare documentation that is as detailed as possible.
• Time Exceeded – Policies vary; however, some have designated time frames during which claims and documentation must be filed. In the chaos of a data breach, you must stay on top of those deadlines.

Individuals and SMBs must weigh the costs vs. the benefits of having cyber crime insurance. Qualifying for cyber security insurance coverage policy forces small businesses to become aware of and address gaps in their network cybersecurity. Given the rapid increase in the magnitude and variety of cyberattacks, buying cyber insurance might be one of the best ways to protect your business investment.