How cyber insurance might ease your (network) insecurity
Kim Komando writes about workplace technology and security issues. She's the host of the nation's largest talk-radio show about computers and the Internet, and writes a syndicated column for more than 100 Gannett newspapers and for USA Today. Find Kim's show on the radio station nearest you, and send an e-mail to subscribe to her free weekly e-mail newsletter.
By
Kim Komando
Could a virus cripple your PC network? If so, do you have enough cash reserves to make up for the downtime? What happens if the company you use to authorize credit card purchases goes belly up? Are you covered for lost revenue until you find a new company?
If you can't answer any of these questions, it may be the right time to call your insurance broker or agent and ask about cyber insurance. That's a catch-all term for policies that cover hacked computers, virus attacks, denial-of-service attacks, copyright infringement, Web content liability and other technology-related areas.
Cyber insurance also goes by e-commerce, e-business, information security, cyber risk, network security, or hackers insurance. For the sake of this article, I'll refer to it all as cyber insurance.
In recent years, as companies filed claims for denial-of-service attacks, data lost to viruses, and other security-related issues, insurers found themselves in new territory. Companies would make claims, insurers would balk, and everyone would land in court.
Unfortunately, courts often handed down conflicting judgments. So, insurance companies started changing their policies. They excluded data and technology-related items from traditional policies, or they included data with higher premiums, or they wrote policies specifically for data.
Small businesses in particular should spend some time researching cyber insurance, says Robert Parisi, senior vice president at New York-based AIG. That's because they're often at the mercy of third parties, he notes. Small businesses often rely on someone else to host their Web sites, track inventory or authorize credit card purchases. They generally have no control over those systems' reliability and maintenance. Larger corporations usually do things in-house and can keep an eye on processes better.
So what do you need to know about cyber insurance? Here are three key points.
1. What cyber insurance covers. Sure, your general liability policy covers physical property. So if your computer gets hit by lightning, you'll be reimbursed. But what if a virus destroys your data and causes serious downtime? Your liability policy may or may not cover the lost data or reimburse you for the time.Cyber insurance clears the confusion and writes policies that deal directly with technology. Like most policies, you can tailor it to your needs. Here are some main points covered:
2. What self-evaluation steps you'll need to take. Just like taking a physical for health benefits, your network security needs to get checked, too. Don't expect to get a policy if you have no firewall or antivirus protection.Cyber insurance policies require an assessment of current conditions. Large corporations are generally assessed by independent third-parties, usually at their own expense. The assessment covers security configurations, documentation of security plans, password management, backup procedures and more.A small business has it easier because it can conduct a self-assessment. Instead of a 16-page checklist, the assessment is usually a page or two and covers basic computer security. You might see questions like: Do you have antivirus software? Do you update the virus definitions? Do you use a firewall? Do you conduct regular backups?Those are basic procedures you should already be doing. See our Small Business Security Checklist.
3. The possibility of buying redundant insurance coverage. Nobody in their right mind would buy duplicative auto insurance policies. So, why buy a policy for which you are already covered?Approach cyber insurance like you would any other type of policy. Look at your current coverage. Does your general liability insurance cover physical damage to your computers? Did you purchase a comprehensive warranty through your computer manufacturer? If so, have your agent strike physical property from the policy and reduce your premium.Don't accept a policy that covers things you'll never encounter. Your dry cleaning business may have a Web site, but it probably doesn't include a message board. So you might want to forgo libel insurance.
Be smart about what you insure
Although cyber insurance has been around for more than five years, there still is little empirical data on incidents. Companies don't want the public to know about security breaches, so many incidents go unreported. Therefore, standardized insurance prices and policies are hard to come by.
Since there are no set rules, you may need to talk to an insurance broker and not an insurance agent. A broker will be able to break down what insurance companies cover and what they don't. You might find one that covers data loss under a general liability policy, while another company may consider that extra.
And here's one last thought. Insurance companies are in the business to make money. So they want to insure those who are statistically unlikely to ever need the policy. That's why good drivers are warmly welcomed, and bad drivers are shunned. So insure only those things you cannot afford to self-insure. You may never have a claim.