Do You Really Need Cyber Insurance? 4 Questions to Ask Before You Get It
Whatsapp Pinterest
Advertisement

A security breach is rarely something you are happy to discover, if ever. There’s the loss of and potential destruction of data. Then there’s the aftermath: changing passwords, trying to recover information, and uncovering the depths of the attack. Finally, there are the financial implications, too.

For regular consumers and businesses alike, cyber-crime is costly. But what if there was another way?

Cyber-crime insurance is a burgeoning industry that many businesses and other organizations are exploring. However, is cyber-crime insurance a worthwhile investment for home users? And if it is, what does it actually protect? Let’s take a look.

1. What Is Cyber Insurance?

It’s no secret that cybersecurity is a delicate balance between security researchers and malicious actors. It is a game of cat and mouse; a new threat hits our systems, researchers and antivirus firms patch the issue. A new security mitigation technique appears, and attackers set about finding vulnerabilities. One thing, however, is constant: the cost of a cyber-attack.

Personal cyber-insurance helps mitigate the cost of security breaches such as ransomware extortion demands, data recovery, data destruction, online fraud, and identity theft. The overall cyber-insurance market is young and therefore difficult to accurately define. Policies for individuals focus on protecting against the financial burden of the myriad attacks lurking online. For instance:

Sounds over-the-top? Professional data recovery services can run from between $50 to $350 an hour depending on your location and severity of the issue. Smartphone data recovery can cost $200 or more depending on the device. And while the average ransomware payment demand has dropped from its 2016 high of over $1,000 per infection, the payment is still an enormous financial burden.

2. How Much Does Cyber Insurance Cost?

There are few things to consider before forking out for cyber-security insurance. Befitting the cyber-insurance market’s relative youth, there’s some skepticism regarding taking out an individual policy. As with most personal security, the answer lies in the cost of the policy. How much can you afford to part with to guarantee financial protection from an attack?

Like other forms of insurance, your policy costs vary depending on the coverage you desire. Though, unlike regular insurance, underwriters are still struggling with how to accurately model and forecast the myriad online risks.

“Typically in insurance, we use the past as prediction for the future, and in cyber that’s very difficult to do because no two incidents are alike,” said Lori Bailey, global head of cyber-risk for the Zurich Insurance Group.

The issue is further exacerbated by a lack of knowledge from both insurance providers, and those seeking cyber insurance. “All the major homeowner [insurers] are anxious to provide some sort of cyber offering,” says Tim Zeilman, a cyber-insurance specialist at Hartford Steam Boiler. “People seem to think that it is going to be a standard part of homeowner’s cover in the next five to 10 years.”

However, Hartford Steam Boiler offer one of the cheapest cyber insurance policies, starting from around $30 per year, while UK online insurance brokers PolicyBee offer cyber insurance policies starting from just £6.99 (roughly $9). The initial cost is low but to get complete coverage for repairing hardware, data recovery services, ransomware extortion pay-outs, and even legal fees, policy fees escalate quickly.

Cyber Insurance Policy Small Print

AIG’s Family CyberEdge policy costs $597 per year for $50,000 of coverage in key areas such as ransomware and extortion, data restoration, cyberbullying, and crisis management. The AIG policy sounds expensive until you look at what you get for your money.

For example, the cyberbullying cover includes a year of psychiatric services, as well as PR cover (if required), digital forensic analysis to uncover the bullies What You Should Actually Do When Harassed Online What You Should Actually Do When Harassed Online The Internet has changed bullying. Let's take a look at what has changed, and what you can do if you find yourself on the receiving end of cyber harassment. Read More , plus cover for any lost salary if the individual loses their job during a 60-day period after the cyberbullying is reported. Victims can also apply for temporary relocation along with “temporary private tutoring” or an “increase in expense for school enrollment for you or a family member to relocate to an alternative but similar school.”

Other terms in the small print are less encouraging. AIG reserves the right to reject claims “resulting from an error in computer programming or error in instructions to a computer.” The onus, then, falls on the victims to ensure their system is completely up-to-date at all times as most system vulnerabilities come from a programming issue. Furthermore, how do completely unknown zero-day vulnerabilities fit within this description?

3. Do Individuals Need Cyber Security Insurance?

A cyber-attack is stressful for business and individuals alike. Want to know what makes it worse? Repeated breaches of the same system. Embarrassingly, the National Bank of Blacksburg fell victim to two separate spear-phishing email attacks The 7 Most Common Tactics Used To Hack Passwords The 7 Most Common Tactics Used To Hack Passwords When you hear "security breach," what springs to mind? A malevolent hacker? Some basement-dwelling kid? The reality is, all that is needed is a password, and hackers have 7 ways to get yours. Read More over an eight-month period and lost over $2.4 million. Sounds bad, right? The National Bank of Blacksburg’s cyber insurance provider compounded the issue by refusing to pay out after the breach.

If that can happen to a bank worth billions of dollars, won’t individual customers suffer at the hands of the powerful insurance companies? Do individuals even need cybersecurity insurance to begin with?

Some think it depends on the net worth of the individual or the family considering the cybersecurity insurance. Individuals or families with a high-net-worth might find it beneficial to have an extensive policy to guard against all manner of online threats. Josephine Wolff, assistant professor at the Rochester Institute of Technology, says “If you are a very high-net-worth individual, then it is possible that this would make sense. For other people, the costs [of a cyber-attack] are not so high.”

She continues: “It is very hard to put price tags on breaches, especially how they affect individuals. Most of the time the individuals are not on the hook—the charges are absorbed by banks, retailers or payment companies.”

But this ignores the sometimes devastating effect an attack has on an individual or family, or the positives that simply paying off a ransomware note or using professional data recovery services bring.

4. Is Cyber Insurance a Scam?

Critics of cyber insurance point out that policies may actually encourage attackers safe in the knowledge that someone else, other than the victim, will pick up the final bill. Or, hackers will target those with cyber insurance, driving up premiums for everyone. How about an increase in ransomware because attackers see more individuals paying out 5 Reasons Why You Shouldn't Pay Ransomware Scammers 5 Reasons Why You Shouldn't Pay Ransomware Scammers Ransomware is scary and you don't want to get hit by it -- but even if you do, there are compelling reasons why you should NOT pay said ransom! Read More ? Other critics believe personal cyber insurance sends the wrong message to individuals regarding system security; why take care when your policy pays for expensive professional data recovery?

At the end of the day, cybersecurity insurance depends on your network security The Best Computer Security and Antivirus Tools The Best Computer Security and Antivirus Tools Need a security solution for your PC? Concerned about malware, ransomware, viruses, and intruders through your firewalls? Want to back up vital data? Just confused about it all? Here's everything you need to know. Read More . Most policies will refuse to pay out if there are significant issues in your network. The advice, as ever, is to:

The cyber insurance market is already growing, and it won’t be long before your home insurance provider attempts to bundle it at your next renewal. Be prepared to consider all of the options.

Explore more about: Insurance, Online Security.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. dragonmouth
    August 8, 2018 at 12:07 am

    "Personal cyber-insurance helps mitigate the cost of security breaches such as ransomware extortion demands, data recovery, data destruction, online fraud, and identity theft. "
    Big, Fat, Hairy Deal! Unfortunately, cyber-insurance will not prevent all these things from happening, or, once they happen, undo them. So what if the insurer reimburses me for the costs involved? I can live with the cost. What I cannot live with is my data being spread all over the Internet to be used for nefarious purposes over and over and over again. LifeLock advertises that they "will notify you" of any data breach. By the time they notify you, it is way too late. They even offer a $! million guarantee. It is interesting that with the hundreds of millions of personal records stolen from Yahoo, Equifax, and other institutions, LifeLock has not paid the $million to even ONE person. I'm sure that among all the people whose data has been stolen, there was at least one LifeLock subscriber. I guess that is how LifeLock can afford to give away $20 paper shredders to all who sign up.

    "Most policies will refuse to pay out if there are significant issues in your network"
    As all insurance companies do, at the end of the day, they will try to find any reason to avoid paying. If they cannot find one, they will try to manufacture one. Anything to avoid paying.