Cyber Risk and Insurance

19 June 2023

As cyber-attacks continue to target Australian organisations with alarming regularity, now is the time to discuss the role insurance can play in minimising the risks posed by a potential data breach.

Navigating the world of cyber security insurance is not without its complexities and organisations are advised to complete their due diligence before signing any policy. This includes speaking with a market-leading cyber security provider.

The basics

Insurance policies are typically priced in direct proportion to the risk of an adverse event. A house built on a flood plain or in a bushfire prone region will face higher insurance costs than a dwelling situated in a safer location. Similarly, organisations with poor cyber defence capabilities will pay a significantly higher insurance bill than might otherwise be incurred.

In some instances, an insurer may even reject an applicant because the cyber security risk is simply too high to cover. Working with a reputable Managed Security Service Provider (MSSP) like Intalock can vastly improve your risk profile, meaning lower premiums and long-term savings.

Need more than one policy?

If your company requires more than one cyber security insurance policy, it is strongly recommended that both policies are covered by the same provider. If multiple insurers are engaged, the process can become messy when a claim is filed, with each provider blaming the other for the liability. Affected organisations can find themselves in the middle of a complicated legal dispute that can take months if not years to resolve.

Questions Answered

Any insurance provider is going to ask a lot of complex questions regarding your cyber security risk level. These questions may include inquiries regarding endpoint management, rapid response capabilities, staff training levels, the age and state of your technology stack, the age and state of your policies and procedures, and other issues pertinent to your cyber security risk. By working with a reputable Managed Security Service Provider like Intalock, you can accurately answer these questions and ensure you are receiving the most appropriate coverage while minimising your premiums.

What is being covered?

It might seem redundant, but it should be noted that cyber security insurance does not prevent attacks from occurring and only covers the financial damages that occur after a breach. Insurance should therefore be viewed as a backup plan and not your frontline defence.

The list of incidents that may be covered includes ransomware attacks, data breaches or leaks, data recovery costs, data theft or extortion, denial of service attacks, hardware replacement, lawsuits and legal fees, and cyber investigation costs.

It is essential to read the fine print of any insurance policy to determine what is not being covered. These events may include fraud arising from insider attacks, known vulnerabilities that remain unresolved, or incidents arising from poor data management or handling.

By identifying exactly what is and what is not being covered by a particular policy, you can avoid many of the pitfalls. Particular attention should be paid to ransomware insurance and whether a specified amount covers merely the ransom cost or includes the subsequent data recovery actions.

Who should purchase cyber insurance?

If your organisation handles any sensitive information, be it financial details such as credit card or bank account numbers, e-commerce data, patient health records, confidential product information, or classified reports of any kind, it is recommended that you have cyber insurance in place.

Cyber criminals have broadened their targets in recent years to include mining operations, real estate agents, health and aged care providers, and construction companies, in addition to traditional targets such as banks. Many industry sectors that thought cyber-attacks were someone else’s problem have recently been forced to play catch-up.

Working with your cyber security provider

When it comes to navigating the complexities of cyber insurance, it pays to have an expert in your corner. A reputable MSSP will be able to evaluate your current security posture, suggest areas of improvement to reduce your insurance premiums, recommend an insurance provider, and help answer any questions that might arise along the way.

If you have any questions regarding your cyber insurance requirements, contact Intalock today.  
