Whether you own a small business or you are a member of a global enterprise you may be wondering whether or not cyber insurance is worth the investment.
In this article I will cover the benefits of cyber insurance, how it differs from standard liability insurance, trends in the cyber insurance industry, and many other burning questions you’re likely to have when deciding if cyber insurance is right for your business.
Disclaimer: The contents of this article are provided for general reference and do not constitute legal or professional advice. You must consult insurance companies and legal counsel to understand the cyber insurance and liability requirements of your business.
Table of ContentsA cyber insurance policy is a type of business insurance that is designed to protect your business in the event of a cyber incident.
Generally speaking, there are two key categories of cyber insurance policies:
Much like traditional insurance policies, cyber insurance policies are designed as a last resort to cover costs associated with a worst-case scenario. When a cyber event occurs they will help cover part of the costs of remediating cyber security incidents.
Cyber insurance typically covers costs of one or more of the following:
What coverage is offered varies greatly depending on the specific cyber policy limit, the context of the cyber event, the covered business, and the insurance company.
Technology errors and omissions insurance (Tech E&O) and cyber liability insurance both cover part of the costs associated with data breaches.
The key difference is that a Tech E&O policy protects your company when a client is harmed, whereas cyber insurance covers the costs to your business and its customers as a result of data breaches and cyberattacks.
Many businesses that offer managed IT services (MSPs) will use a Tech E&O policy to protect themselves in the event that a security incident results in cyber exposures to their clients.
Cyber insurance expert Joseph Brunsman recommends that MSPs avoid purchasing separate cyber insurance and E&O policies; according to Joseph they should combine the two into a single Tech E&O policy.
That said, coming into 2022 the mass-scale business interruption caused by ransomware and the rapid transition to remote workforces has the insurance coverage options for MSPs severely dwindling—more on that later.
Hello! Today I will be showing you all of the solutions available in the CurrentWare Suite. Each solution can be purchased individually for the greatest flexibility or as a bundle for the best value.
The CurrentWare suite can monitor and manage remote, on-premises, and hybrid users, making them ideal tools for managing the productivity and security of a remote workforce.
Alright, let’s get started.
With the CurrentWare web console you can manage policies, review dashboards, and run user activity reports from the convenience of a web browser.
Your CurrentWare solutions are installed and managed by your company either on-premises or on a virtual machine hosted by a cloud service provider of your choice, giving you full control over your data.
CurrentWare is also a Citrix-ready partner, making Windows VDI deployments simple for your organization.
The CurrentWare Suite includes:
Each solution allows you to apply unique policies for each group of users or computers. These policies will be enforced even when the computers are disconnected from the network.
Let’s start with AccessPatrol
With AccessPatrol you can:
With BrowseControl you can:
Let’s move on to BrowseReporter
With BrowseReporter you can:
Finally, with enPowerManager you can:
If you would like to try out CurrentWare for yourself you can instantly get a free trial at CurrentWare.com/Download or book a demo with our sales team at CurrentWare.com/Sales
This video is current as of version 7.0, which was released in February 2022. For the most up-to-date information on the latest features please visit our release notes at CurrentWare.com/support/release-notes/
Are you an IT Managed Services Provider? Join our MSP program today and enjoy advantageous pricing for CurrentWare’s employee monitoring, web filtering, USB control, and remote PC power management software solutions.
CurrentWare’s MSP partners improve their clients’ employee productivity, data security, and business intelligence with advanced awareness and control over how technology is used in their organization.
Now that you have an understanding of what cyber insurance is, there’s an obvious unanswered question—Is it worth getting cyber insurance?
If you’re having doubts about the value of an insurance policy to provide coverage for cyber incidents, you’re not alone.
According to a 2019 survey by Spiceworks 41% of IT pros stated that their business hasn’t purchased cyber insurance because it’s simply not a priority at their organization. A further 33% flat out stated that they’re not sold on the benefits, and 34% didn’t bother because it wasn’t required by regulations.
This section will cover the key benefits of this niche business insurance to help you decide if some form of cyber risk insurance is worth the cost for your company.
If you’re one of the many questioning the value of cyber insurance you might simply want to know if you’re required to have some form of cyber security insurance.
The short answer? No, not all businesses are required to have a cyber insurance policy.
That said, depending on the sensitive data you’re responsible for protecting you will most likely need to strongly consider being covered by cyber insurance. It’s also in your best interest to take a proactive stance on cybersecurity, including getting insured against your most likely cyber risks.
If the only sensitive data you need to be concerned with is intellectual property, you may be less pressed to get covered than a business that handles sensitive customer information.
Even then, we live in an increasingly connected world that is slowly beginning to understand the potentially global implications of a network security failure. It’s incredibly likely that one day data breach insurance will be as mandatory as workers’ compensation insurance is.
Lets face it; no organization is 100% safe from a cyber incident. As a matter of a fact it’s almost never a matter of IF you’ll suffer a breach, but WHEN. All it takes is a simple W-2 form phishing attack or a disgruntled employee with a flash drive to have data stolen or disclosed by employees
What makes the difference is how prepared you are to address it.
If you collect and maintain a certain level of important information that could result in legal issues if it were compromised, you’ll need to strongly consider getting insured with a dedicated cyber liability policy.
The costs associated with meeting the mandatory data breach reporting requirements of GDPR, CCPA, PIPEDA, and similar data security and privacy regulations alone make cyber coverage a priority for many businesses.
There’s also the costs of lawsuits, which are always a risk following a data breach. According to the 2019 Cyber Claims Study from NetDiligence the average cost for legal defense was $740,000, while the average legal settlement was $2 million. Regardless of your annual revenue, having an insurance policy is going to help you recover.
Depending on your industry you may even lose business due to a lack of insurance. Some businesses will go so far as to require any third parties they do business with to have some form of coverage against cyber threats.
For example, Spiceworks user Juanoflo says they “request COI (certificates of insurance) from every vendor that comes to our facility and any vendor that interacts or provides guidance on any system we use here.”
There’s also the risk of losing money to social engineering: Depending on the amount lost, falling victim to a funds transfer fraud could be detrimental to your business.
Truthfully, small businesses and large enterprises alike will benefit from some degree of coverage. How much coverage your business requires is going to vary greatly depending on your most likely cyber threats and the implications of compromised data.
While there’s no guaranteed set cost of cyber liability insurance, there are some estimates to get you started.
According to data from AdvisorSmith for companies with $1 million in revenue, for $1 million in cyber liability coverage, with $10,000 of retention:
According to buzz within the cyber insurance space Managed Services Providers that are fortunate enough to get any sort of coverage will be facing significant insurance costs in 2022. A user of the MSP subreddit noted an annual cost of $2000 in 2020, $4000 in 2021 and a demand for $20k in 2022 for their insurance policy.
That said, their specific carrier plans to stop offering insurance to MSPs altogether so the agonizing $20k tab is likely more of a scare tactic than a typical cost for cyber insurance. To get an accurate cyber liability insurance quote your best bet is to ask for one from a licensed agent.
Cyber insurance coverage varies greatly depending on the specific cyber insurance providers, the current underwriting guidelines, and the cyber risk profile of each business. When choosing the right policy for your business you need to have your legal department look into your options carefully to ensure you’re adequately covered.
That said, the Spiceworks study from before provides some insights.
According to the survey a cyber insurance policy will typically offer general cyber liability coverage, though other offerings such as covering the loss or damage to electronic data, legal/investigation fees, loss of income, cyber extortion losses, data breach notification costs, and the costs associated with a damaged reputation may also be covered.
As for how much privacy liability coverage is available, the Spiceworks study also provides some insights. As you can see here the majority of cyber insurance plans have a coverage limit between $1-5 million, though there are some offering a staggering $20 million or greater.
Other items covered by cyber policies
A word of warning: While all of this sounds well and good, there have been cases where insurance companies have refused to pay out.
As with any other form of insurance there’s bound to be providers that will do all they can to minimize their payouts. Be certain to vet your provider carefully and collect as much information as you can about what is and is not covered by your policy.
No, not always! It’s crucial that your business understands what is covered by its current policies and where a cyber policy can fill in the gaps.
There’s a concept known as “Silent Cyber” whereby many significant cyber security events are not expressly covered within traditional policies. In 2019 the prolific UK insurance market Lloyd’s of London helped make this distinction clearer by mandating that all property and casualty (P&C) policies implicitly state whether or not coverage is provided for losses caused by a cyber event.
Since there is such a wide variety of cyber risks to account for it is essential to consult with your current insurance provider to have them be explicitly clear about what cyber risks are covered and which ones are not.
For example, if you try to resolve claims related to social engineering attacks it’s entirely possible that your coverage will be denied due to “human error”, though truthfully it’s difficult to concretely discern what isn’t human error; be certain to get the distinction in writing from your insurance provider.
“The damage caused by ransomware gangs has increased so much over the last two years that average cybersecurity insurance policy coverage amounts are plummeting, premiums are rising (doubling in many cases), deductibles are increasing, and exclusionary policy ‘outs’ are increasing.” – Roger Grimes, KnowBe4
Thanks to significant spikes in ransomware, business email compromise, wire fraud, and ACH fraud, the average cyber insurance quote for small businesses and enterprises alike is only going to continue increasing from 2022 onwards.
The cyber liability insurance industry as a whole has caught on to the fact that large-scale cyber security incidents such as the WannaCry ransomware (that caused an estimated $4 billion in damages) put their businesses at risk of insolvency from an unanticipated spike in claims.
As mentioned before this is particularly true for IT Managed Services Providers. The user of the MSP subreddit that noted an annual cost of $2000 in 2020, $4000 in 2021 and a demand for $20k in 2022 may not be an outlier.
In terms of community discussion, cyber insurance expert Joseph Brunsman (/u/Joe_Cyber on Reddit) offers the following insights and predictions:
Are you ready for your next IT security audit? Check out these tips to assess the cyber risk of your company.
For a while there was a disturbing trend of companies relying on their cyber insurance provider to pay the ransomware demands of cyber criminals—despite the FBI’s recommendations against the practice.
This led to some unscrupulous companies misusing their providers rather than proactively hardening their own security posture to prevent the attacks in the first place.
Thankfully legislation is catching up and it’s steadily becoming more common for ransomware payments to be illegal.
“Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC)
Of the companies that have recently offered some form of ransom coverage, AdvisorSmith notes that many policies “provide very limited coverage for ransomware or cyber extortion attacks, with coverage sublimits as low as $25,000, even when the cyber liability policy has a much higher total limit.”
Many of the few insurance companies still offering cyber insurance have realized that managing their client’s cyber risk is in both of their best interests.
While this will often present itself as a list of required security controls such as ongoing cyber security awareness training and ongoing audits, several insurance companies have started acting as Managed Security Service Providers (MSSPs) to their clients.
Rather than simply requiring particular security controls they have begun proactively offering security services themselves, contracting out managed security providers, or only offering policies to clients that adopt particular security solutions providers.
These advanced insurance providers will help you evaluate your cyber risk, make recommendations for strengthening your security posture, help with patch management, and even monitor the logs of security tools for high-risk or anomalous activity.
Hello! Today I will be showing you all of the solutions available in the CurrentWare Suite. Each solution can be purchased individually for the greatest flexibility or as a bundle for the best value.
The CurrentWare suite can monitor and manage remote, on-premises, and hybrid users, making them ideal tools for managing the productivity and security of a remote workforce.
Alright, let’s get started.
With the CurrentWare web console you can manage policies, review dashboards, and run user activity reports from the convenience of a web browser.
Your CurrentWare solutions are installed and managed by your company either on-premises or on a virtual machine hosted by a cloud service provider of your choice, giving you full control over your data.
CurrentWare is also a Citrix-ready partner, making Windows VDI deployments simple for your organization.
The CurrentWare Suite includes:
Each solution allows you to apply unique policies for each group of users or computers. These policies will be enforced even when the computers are disconnected from the network.
Let’s start with AccessPatrol
With AccessPatrol you can:
With BrowseControl you can:
Let’s move on to BrowseReporter
With BrowseReporter you can:
Finally, with enPowerManager you can:
If you would like to try out CurrentWare for yourself you can instantly get a free trial at CurrentWare.com/Download or book a demo with our sales team at CurrentWare.com/Sales
This video is current as of version 7.0, which was released in February 2022. For the most up-to-date information on the latest features please visit our release notes at CurrentWare.com/support/release-notes/
Whether you are a small business or a global enterprise, you simply cannot get insured without sufficient security controls. CurrentWare’s endpoint security solutions will help mitigate many common cyber attack risks so you can get insured and continue to offer your clients peace of mind.
With the CurrentWare Suite, you can…
With these critical security controls in place, you can reduce your cybersecurity insurance premiums by addressing a multitude of security vulnerabilities.
Learn more about CurrentWare’s endpoint security solutions
Having a sufficient cyber liability insurance policy is an essential part of being prepared to respond to a cyber attack.
Alongside proactive security controls these policies provide your business with the capabilities it needs to respond to incidents caused by cyber criminals, third parties, and insider threats.
If you would like to improve your security posture you can get started today with a free trial of CurrentWare’s endpoint security software solutions.
Hello! Today I will be showing you all of the solutions available in the CurrentWare Suite. Each solution can be purchased individually for the greatest flexibility or as a bundle for the best value.
The CurrentWare suite can monitor and manage remote, on-premises, and hybrid users, making them ideal tools for managing the productivity and security of a remote workforce.
Alright, let’s get started.
With the CurrentWare web console you can manage policies, review dashboards, and run user activity reports from the convenience of a web browser.
Your CurrentWare solutions are installed and managed by your company either on-premises or on a virtual machine hosted by a cloud service provider of your choice, giving you full control over your data.
CurrentWare is also a Citrix-ready partner, making Windows VDI deployments simple for your organization.
The CurrentWare Suite includes:
Each solution allows you to apply unique policies for each group of users or computers. These policies will be enforced even when the computers are disconnected from the network.
Let’s start with AccessPatrol
With AccessPatrol you can:
With BrowseControl you can:
Let’s move on to BrowseReporter
With BrowseReporter you can:
Finally, with enPowerManager you can:
If you would like to try out CurrentWare for yourself you can instantly get a free trial at CurrentWare.com/Download or book a demo with our sales team at CurrentWare.com/Sales
This video is current as of version 7.0, which was released in February 2022. For the most up-to-date information on the latest features please visit our release notes at CurrentWare.com/support/release-notes/
Are you an IT Managed Services Provider? Join our MSP program today and enjoy advantageous pricing for CurrentWare’s employee monitoring, web filtering, USB control, and remote PC power management software solutions.
CurrentWare’s MSP partners improve their clients’ employee productivity, data security, and business intelligence with advanced awareness and control over how technology is used in their organization.
More Resources
Cookie | Duration | Description |
---|---|---|
__cfruid | session | Cloudflare sets this cookie to identify trusted web traffic. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
JSESSIONID | session | The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application. |
LS_CSRF_TOKEN | session | Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed. |
OptanonConsent | 1 year | OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
_zcsr_tmp | session | Zoho sets this cookie for the login function on the website. |
Cookie | Duration | Description |
---|---|---|
_calendly_session | 21 days | Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar. |
_gaexp | 2 months 11 days 7 hours 3 minutes | Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_GY6RPLBZG0 | 2 years | This cookie is installed by Google Analytics. |
_gcl_au | 3 months | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
_opt_expid | past | Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. |
NID | 6 months | NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. |
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
Cookie | Duration | Description |
---|---|---|
_dc_gtm_UA-6494714-6 | 1 minute | No description |
_gaexp_rc | past | No description available. |
34f6831605 | session | No description |
383aeadb58 | session | No description available. |
663a60c55d | session | No description available. |
6e4b8efee4 | session | No description available. |
c72887300d | session | No description available. |
cookielawinfo-checkbox-tracking | 1 year | No description |
crmcsr | session | No description available. |
currentware-_zldp | 2 years | No description |
currentware-_zldt | 1 day | No description |
et_pb_ab_view_page_26104 | session | No description |
gaclientid | 1 month | No description |
gclid | 1 month | No description |
handl_ip | 1 month | No description available. |
handl_landing_page | 1 month | No description available. |
handl_original_ref | 1 month | No description available. |
handl_ref | 1 month | No description available. |
handl_ref_domain | 1 month | No description |
handl_url | 1 month | No description available. |
handl_url_base | 1 month | No description |
handlID | 1 month | No description |
HandLtestDomainName | session | No description |
HandLtestDomainNameServer | 1 day | No description |
isiframeenabled | 1 day | No description available. |
m | 2 years | No description available. |
nitroCachedPage | session | No description |
organic_source | 1 month | No description |
organic_source_str | 1 month | No description |
traffic_source | 1 month | No description available. |
uesign | 1 month | No description |
user_agent | 1 month | No description available. |
ZCAMPAIGN_CSRF_TOKEN | session | No description available. |
zld685336000000002056state | 5 minutes | No description |