Data breaches, malware and other cybersecurity issues have become part of the fabric of modern business. While law enforcement is doing its best to tackle this (relatively) new brand of crime, companies need to take precautions to ensure they don't become its victims. One of these precautions is cyber insurance.
Your business might well benefit from taking out a policy, in order to protect you from any potential threats. However, there are a number of important things you will need to consider before doing so in order to know if it is worthwhile.
What type of cybersecurity threats do you face?
This is one of the more important factors to consider, as many policies will not cover certain cybersecurity issues. For example, most types of insurance only cover incidents that cause a large amount of disruption, potentially preventing a business from trading. This isn't much use to you if the threats you face are largely day-to-day nuisances.
Writing in Computer Weekly, Gavin Cartwright - a director in Deloitte UK’s cyber risk team - said the key to finding the appropriate policy is looking for one "that asks a breadth of questions". A policy that is tailored to your exact needs will stand a much better chance of offering you value for money.
Do you have any existing security issues?
There are two main reasons for looking for cybersecurity issues - which include malware and even existing vulnerabilities in your system - the first being that if you find any you may well be ineligible for many insurance policies.
If you choose not to look for these issues, it could end up costing you a lot. As Adrian Davis, managing director for Europe at (ISC)2, puts it: "Remember that if an incident happens, and unresolved issues are found dating from before the policy start date, then the insurer may declare the policy null and void when it is needed the most."
The second - and perhaps most important - reason to check for these issues is that it will help inform you about exactly which threats you are facing. If you have spyware installed on your system, for example, you will be able to deal with and it then look for an insurance policy that will help in future cases.
Is this your only line of defense?
By far the most important thing to consider is whether or not you have other defenses when it comes to cybercrime. It is easy for companies to lean on the idea of cyber insurance, but at the end of the day this can only reimburse you financially if something happens.
Prevention is always better than a cure, so if there is a choice between investing in insurance or in security measures, you should generally opt for the latter. A cybersecurity incident could cost you much more than money, as your reputation, data and even sense of safety can all be affected.