The federal Internet Crime Complaint Center receives hundreds of thousands of complaints each year, and a significant portion are referred to law enforcement. With so much business conducted electronically, organizations are highly vulnerable to theft and corruption of their data and should identify likely loss exposures and prepare accordingly.
Some of the questions management should ask include what property is vulnerable and what loss scenarios are realistic.
Types of property at risk
- Money, both the organization’s own funds and funds held as a fiduciary for others.
- Customer or member lists containing personally identifiable information, account numbers, or contact details.
- Personnel records.
- Medical insurance and health-related records.
- Bank account information.
- Confidential memos, spreadsheets, and other internal documents.
- E-mail systems and archives.
- Software and applications stored on web servers.
Different types of property are susceptible to various threats such as embezzlement, extortion, malware, and theft, so organizations should consider specific scenarios and their impact.
Possible loss scenarios
- A fire damages servers and network equipment so operations cannot continue until systems are replaced and data restored.
- A computer virus infects a workstation and is unknowingly spread across a workgroup, crippling a department during a peak period.
- Small, irregular transfers are discovered in accounting, totaling a significant loss after months of unnoticed activity.
- An unauthorized person observes or obtains an employee password and later accesses sensitive personnel records containing Social Security numbers and driver’s license numbers.
In addition to loss prevention and data security controls, many organizations consider purchasing cyber insurance to transfer some residual risk. To understand coverage basics and options, see “What is Cyber Liability?”
Policies often cover data damage or destruction, data protection and recovery, business income loss when operations are suspended due to a data event, extra expenses needed to maintain operations, data theft, and extortion. For options focused on restoring lost or corrupted information, review Internet Data Loss Insurance.
Because policy language varies, review terms and limits carefully and consider specialized products such as Data Breach Insurance (Cyber Liability) when comparing coverages.
Choosing limits can be difficult because exposures are hard to measure in advance; consult your technology team, insurance agent, and insurer to estimate likely costs. Select a deductible level that you can afford and that provides meaningful premium savings, then compare policy terms against your organization’s specific exposures and needs.
Effective loss prevention and reduction techniques, paired with appropriate insurance protection, help organizations survive and recover from a cyber loss event. If you want help evaluating options, consider taking the next step and talking to an agent.
Frequently Asked Questions
What kinds of incidents does cyber insurance typically cover?
Policies commonly cover data breaches, data loss, business interruption due to a cyber event, extortion, and costs to notify affected individuals and restore systems.
How do I decide how much cyber insurance to buy?
Estimate potential recovery and business interruption costs with input from IT and finance, then balance those exposures against budget and deductible choices.
Will cyber insurance pay for regulatory fines and legal claims?
Coverage for fines and legal claims varies by policy and jurisdiction, so review policy terms closely and consult your insurer or legal counsel.