In 2022 more than ever, all companies, associations and independent professionals are exposed to “cyber risks”: hacking of their networks, theft of their data… Fortunately, it is possible to take out a cyber insurance contract, which will step in, in the event of a claim, to minimize the consequences of the incident. Let’s see together why it is important to consider it for your business.
What is cyber risk insurance?
Cyber insurance is a contract that covers the company for all IT-related risks. These risks include cyber attacks such as hacking of its systems, viruses and trojans, ransomware (data blocking and ransom demand), DoS attacks, etc.
Being a so-called “multi-risk” contract, cyber insurance consists of several types of guarantees. Some relate to crisis management, i.e. to the handling of the incident itself (the cyber attack), others to covering the damage caused to the company (operating loss). Finally, the contract also includes cyber liability guarantees (in the event that a third party holds the company liable).
Who is cyber insurance for?
Cyber insurance is aimed at any entity holding sensitive data essential to its online operation. When it comes to cyber security, insurers market many contracts adapted to all types of customers (very small businesses, SMEs, associations, self-employed people, liberal professions) and to any type of activity. This allows everyone to have coverage adapted to the actual risks they face (depending on their vulnerability, the volume of data they collect, etc.).
Should you take out cyber insurance for your business?
According to recent studies, cyber risks are among the top business risks in 2022, with a +400% increase in cyber attacks over the previous year. This reality has been reinforced in particular by Covid-19 and the development of telework.
Today, the vast majority of companies, including SMEs and VSEs, have an online presence and communicate via networks and computer media. Most of them also hold data, some of it sensitive, in particular about their customers.
Sometimes without realizing the extent of it, they are thus exposed to cyber risks such as:
- The theft or loss of their data,
- Cyber extortion (data is blocked and a ransom is demanded to unblock it),
- Server attacks,
- Theft of computer equipment,
- The blocking of all computer systems (which often leads to paralysis of activity),
- Damage to the image of the entity,
- A server failure resulting in loss of business.
By taking out cyber insurance against these risks, the company (or the signatory entity, whatever it is) first ensures that it will be supported during and after the incident by a team of dedicated experts: IT, legal, communication experts, etc.
In addition, the insurance will also cover many of the costs and financial damages caused by the incident. It is not uncommon, for example, for a cyber attack to have serious financial consequences (several thousand or even tens of thousands of euros), sometimes threatening the very survival of the company affected. If its activity is blocked for several days or weeks, the insurance will pay compensation under the operating loss guarantee.
What are the guarantees of cyber insurance?
Here is a list of some essential guarantees in a basic cyber insurance formula:
- Guarantees of assistance / management of the crisis itself, by the insurer or a specialized partner firm,
- Guarantees to cover the financial consequences of the incident,
- A guarantee to cover operating losses, a ransom demand in the event of cyber extortion, etc.
- A professional civil liability guarantee,
- A guarantee in the event of an administrative investigation (the insurer can for example assume the defense costs of the company).
What are the risks incurred without cybersecurity insurance?
Cyber insurance has a cost, sometimes not negligible. However, it is not advisable to skip this expense.
In the absence of insurance, the company alone will bear the financial consequences of a computer disaster, whatever it may be. During the incident, especially if it does not have an in-house IT department or if that department is not qualified (for a cyber attack, for example), it will often have to call on a firm specializing in cyber security, and that is expensive.
Likewise, the company will have to bear all the other costs alone, such as:
- Legal assistance costs,
- Defense costs (if its liability is engaged, for example),
- Fines from administrative authorities (in the event of non-notification of a data breach to the CNIL for example),
- Negotiation fees / payment of a ransom (ransomware),
- Data restore/recovery costs.
If the activity stops, the company will again bear the net loss of turnover (although this would have been compensated, to a certain extent, by cyber risk insurance).
Other consequences that come to mind less readily can also result from the incident: damage to the entity’s reputation, payment of damages to injured third parties (a customer whose data may have leaked, for example)… All of these are risks covered by dedicated insurance.
What are the main cyber risks?
An SME received an email from one of its suppliers requesting the urgent payment of an invoice. It is actually a fake message, and the attachment is ransomware that encrypts a large amount of data in the company’s computer system, making it completely inaccessible.
The hacker demands a ransom of €800 to unlock the data.
The SME calls the crisis unit. The unit coordinator directs it to an expert, who can analyze the problem and determine whether or not the encryption can be easily undone.
The denial of service attack
The booking website of a vehicle rental franchise is made inaccessible. No more reservations can be made.
Emergency measures are implemented:
- Intervention of an IT expert for 72 hours with no deductible to determine the method of attack, issue recommendations, and restart and secure the service.
- Intervention of a crisis communication expert to set up a communication plan if necessary.
Data theft and loss
A hacker broke into a company’s computer system and managed to modify one of the files executed when connecting to the customer account. This modification allowed the hacker to receive the user name (email address) and password of the company’s customers.
This intrusion was triggered during routine maintenance.
Because of this intrusion, the insured’s customers are at risk if they use the same address-password pair on more sensitive sites such as their e-mail, their PayPal account, etc.
After the insured called on the crisis unit, the insurer was able to quickly support it by providing an IT consultant to determine the method of attack and issue recommendations. The insured was also assisted by a communication consultant in order to warn the 6,500 customers affected.
Cyber insurance covers all computer-related claims, whether in the event of a cyber attack or damaged equipment.
Cyber insurance is aimed at all types of businesses with sensitive data online.
Cyber attacks are among the first dangers to which a company is exposed. It is therefore advisable to take out cyber insurance.
Cyber insurance has many guarantees such as: crisis management, coverage of operating losses and other reimbursements, professional civil liability (RC Pro), etc.
In the event of an attack or cessation of its activity, the company will have to call on a cybersecurity firm. These firms are expensive, and all costs (legal support, data restoration, ransom) will be the company’s responsibility.
The main cyber risks are extortion, denial of service attacks and data theft and loss.