- What is Cyber Insurance, and Does My Startup Need It? - November 30, 2020
Startups typically rely on innovative ideas and technologies to disrupt and revolutionize their respective industries. However advantageous, this reliance on technology also has its drawbacks. Most startups can expect to have severe exposure to cybercrime and unintentional data breaches at some point.
If you store, manage and use your clients’ personal information, your company could be held liable by the victims in the event of a data breach or cyberattack. This means expensive legal costs, fines, and, in the best-case scenario, settlements. Additionally, you’ll be expected to pay for the costs of notifying the victims, reimbursing them for damages and credit monitoring. All of this means that these data breaches come at a staggering price, both financial and reputational.
Statistics show that around 60 percent of small and medium businesses that suffer a cyberattack close down within six months of experiencing the attack.
And these attacks aren’t just becoming more severe. They’re also getting more and more frequent. It’s estimated that by 2021, there will be a cyberattack happening every 11 seconds.
Any startup that’s looking to enable sustainable growth should strongly consider investing in the right cyber liability insurance based on the company’s specific needs and unique risk profile. Using an insurance product to transfer risk to the underwriter will make the business more resilient when misfortune strikes, but it can also help make the company more attractive to partners, investors and other third parties that can help the business grow.
StartupNation exclusive discounts and savings on Dell products and accessories: Learn more here
Below, we’ll go over exactly which exposures will be covered by cyber insurance, how much you’ll have to pay to be adequately protected and what to look for when securing the policy.
What is covered by cyber insurance?
Cyber insurance serves to protect a startup from the perils of running a tech-reliant business, including data breaches, cyber thefts and phishing attempts. It’s important to note that the coverage will not only help you pay your legal fees in case of a lawsuit, but will also cover ancillary expenses of an attack or breach. Additionally, the policy should ideally provide you with the resources to implement cost-effective and robust security solutions.
Typically, the policy will be split into first-party and third-party coverage.
First-party cyber insurance is geared toward protecting your company. It will cover costs that are related to the breach. The third-party coverage will respond to losses that the direct victims, such as your clients, suffer due to the attack.
Let’s break down what startups should look for in a policy:
- Notification costs: The company that suffers the breach has the responsibility to identify and then notify all victims. Given the size and severity of many of these data breaches, this can be incredibly expensive.
- Credit monitoring: This means that your cyber policy would respond in order to pay for the victims’ insurance policies. Credit monitoring is typically required by state regulators, and they’ll commonly require that the potential victims are sufficiently protected.
- Third-party lawsuits: Most of these liability lawsuits will be class actions, with hundreds or thousands of victims. This can mean huge payouts, even for the smallest of startups. A preferred cyber policy should cover the cost to defend from these lawsuits and pay for any settlements or damages awarded. It’s also essential to ensure that any fines issued are also covered.
- Computer forensics: It’s no help paying for expenses of the breach if you don’t reduce future exposures. This is why preferred cyber policies should also cover the cost of hiring computer forensics consultants to determine why and how the breach happened. This will allow you to understand the causes and the scope of the breach and implement better security protocols.
- PR costs: Data breaches can have serious reputational implications for any business. It’s essential to have a policy that will help you handle the potential fallout by hiring PR management experts.
How much will startups have to pay for cyber insurance?
It’s tough to predict the cost of your cyber insurance. It’s a dynamic policy, and its coverage is as unique as your companies’ needs.
For instance, a recent study found that the average cost of a cyber liability policy was $1,500 per year for $1 million in coverage, with a $10,000 deductible.
But this coverage is very far from standardized, and cost can vary wildly. Let’s cover what factors will affect your cyber insurance premium so that you can get a better understanding of how much you’ll have to pay to be sufficiently covered.
- Number of employees and industry: The reasoning here is simple, as the more employees you have, the greater the risk of a data breach caused by phishing or social engineering attacks. However, what’ll influence your premium even more is your respective industry. Typically, insurers have three risk tiers (low, medium and high) that determine your premium.
- Number and sensitivity of personally identifiable information stored: The less third-party personal information you store, the less you’ll have to pay for insurance. Additionally, a breach that exposes the names and emails of your customers isn’t that bad. But if you store very sensitive personal data, such as Social Security numbers, dates of birth and credit card information, you can expect to pay more.
- Revenue: The more profitable the business, the greater the chance that cybercriminals will target you.
- Security protocols: Insurers will take a look at how you handle cybersecurity in your company. If you have strong policies in place and dedicate significant resources to preventing cybercrime, they’ll reward you with significantly lower premiums. Employee education, cyber hygiene, software security and procedures will all be considered.
If you’re interested in learning more about the potential cost of cyber insurance, you can read this in-depth guide.
What to look for when securing a cyber insurance policy for your startup
It’s wise to focus on the coverage provided, as opposed to the cost. The damage done by a data breach can be extensive, and there’s nothing worse than paying for insurance that doesn’t fully protect you.
The good news is that the market for cyber insurance policies is both well served and very competitive. This means that you should be able to secure the right coverage at a reasonable price.