The implementation of telecommuting it has been a milestone for technology companies and a mine for cyber attackers. The market has reacted quickly by increasing the popularity of specialized cybersecurity insurers; cyber insurance is booming.
The companies that offer the most conventional insurance propose the following paradigm: If you protect your house, your car and the material assets of your company, why not protect the IT part to mitigate the possibility of cyber attacks?
It is not news that the market trend is cybercrime, for this reason, in addition to offering traditional insurance such as civil liability, business or damage to facilities, one is offered for cyber risks, whose Premiums amount to 75 million Euros nationwide, an increase of 35% compared to 2019 According to Security Network.
So, what is cyber risk insurance or cyber insurance?
They are an insurance policy that helps companies protect themselves from the consequences of the appearance of cybercriminals and to reduce the risks that IT companies face on a daily basis.
"It is more likely that a company will suffer a cyberattack than a fire or robbery right now," says Cátedra Pérez-Lloca / IE
What is the operation?
In the first instance, the real need of the client is evaluated and then a solution is offered based on the analysis carried out.
Secondly, once the action plan has been decided, the insurer takes a passive role, awaiting the entry of an attack to take the necessary measures. It not only covers the technical part, but also in the case of data theft and extortion there is an intervention in the ransom negotiation.
It will be vital to define 2 plans: one of action and another of contingency.
“The role of the insurer is not only to supervise the damage that has occurred and set a compensation figure, but there may be a problem of paralysis of activity due to the cyber attack. Technical support and data recovery is essential«, affirms the Pérez-Lloca / IE Chair
What must a company comply with to hire cyber insurance?
We must start from the basis that cyber insurance is the last line of defense, it is for this reason that for a company to acquire one must meet minimum requirements with regard to IT security.
These measures are not only necessary for the acquisition of this type of services, but they are also essential in legal matters since infringements can reach 20,000 million euros or 4% of annual turnover according to Ayudaley.
As mentioned above, the company contracting the insurance must have the necessary preventive measures to avoid or mitigate cyberattacks as much as possible, complying with the requirements of the RGPD (general data protection regulation) and following the regulations dictated by the LOPD (Organic Law on the protection of personal data).
Other necessary measures to be implemented will be the planning of a security policy that takes into account the main prevention measures, where all devices are optimally protected; and have a backup scheme cash so that, in the event of an attack or kidnapping, not everything is lost.
Cyber insurance in SMEs
Although cyber insurance is vital for all companies, many insurers have SMEs as their main focus. For this type of company, the acquisition of these services does not provide a definitive solution to IT protection, but it does provide some respite in the event of an attack.
Despite the importance of the peace of mind offered by being properly protected from cybercriminals, many small and medium-sized companies are reluctant to take out insurance.
Analyzing last year's figures (120,000 cyberattacks on SMEs with an average cost of €102,000) it remains difficult to understand the reluctance to purchase cyber insurance.
According to a report by AON in 2020 only 32% of SMEs acquired this type of service Unlike companies that exceed 250 million euros in turnover, they have increased the purchase of insurance by 24% (from 2019 to 2020).
It is clear that awareness plays an important role in deciding what the money is spent on and what is the priority.
What do the policies cover?
Each insurer works independently covering different parts, it is the organizations that must assess their needs and define what interests them. A large company will not take out the same policies as an SME.
Generic package:
- Civil liability against third parties either due to a failure of privacy and network security, as well as due to the digital content of the web or attack
- own damage caused by cyber extortion
Specific package:
- profit loss caused by system interruption due to a malicious computer act
- Data recovery and systems
- Incident Response Services and Expenses: technological containment, legal advice, notification to regulatory entities and those affected, information monitoring, among others
- emergency response to incidents within the first 48 hours
- cyber crime derived from the theft of money or securities of the company
- Guarantee
- recovery expenses data, notification and benefit
It is essential to be aware that there are certain aspects that an insurer cannot protect, some of them are:
- attacks of phishing
- Medium and long-term losses (by image, by perception, etc…)
- Restoration of reputation
- Bills (in case the previously stipulated security measures are not complied with)
- Those damages resulting from unlawful acts deliberately carried out by the insured
- Violation of regulations on trade secrets and patents
To cover the crack that remains uncovered, it is important to use tools that ensure total control of business security.
With transfer you can get the peace of mind you need:
* Shadow IT reduction to 100% preventing the entry of malware and phishing attacks.
* Traceability and DLP control avoiding identity theft, preventing the risk of loss of reputation.
* GDPR Regulatory Compliance: to take out insurance you will need to have this point covered.
* Sending and receiving validated documentation for audits.
The IT security of your company is vital, according to Kaspersky Lab andl 60% of the companies that suffer an attack disappear 6 months later.
Make sure you're properly protected with the combination of tools and services that give you the peace of mind you need!
More than 1 million licensed users
More than 5 million recipients
Contact us for more information: [email protected]
Or through our social networks:
Sources:
https://ayudaleyprotecciondatos.es/2020/07/14/ciberseguros-empresas/#Exigencias_del_RGPD
https://www.allianz.es/seguros/especialidades/seguros-ciberataques.html#
