Is Cybersecurity Insurance worth the cost?

Every day I read about a new cyber breach or new exploit being discovered in the world. When I read the details; it is frustrating because these attacks could have been avoided if the organization used some basic things, for example:

• Qualified Security Professionals
• Layered IT security controls
• IT Security Best practices

Now I realize that I am an experienced IT security professional and all of that is easy for me to say. I am also a businessman, father, and husband so I understand the language of money. Money is also what businesses need. They either need to make it, save it, and/or manage it. Most of the time it's all of the above. IT Security is really all about managing digital risk, which is what I specialize in. One of the ways of managing risk is to transfer the risk. The most common method of transferring the risk is to purchase Cybersecurity insurance. I agree this is a good method of transferring a risk when we are talking about physical risk. What about digital risk? In my opinion; the answer is "yes" provided your insurance policy actually covers the event.

Cybercrime has evolved over the past decade and has been proven to be two things. First, cybercrime is very lucrative to cyber-criminals. Second, cyber-crime is very costly to enterprise America. As companies scramble to implement effective security controls and minimize loss, they often purchase cybersecurity insurance. The details of cyber attacks and why they cost companies so much money has too many moving parts to be effectively covered in this article, so I want to only focus on cybersecurity insurance. Your local agent is also more than willing to sell you cybersecurity insurance but does the insurance agent and/or the insured really understand what is covered under the policy? Most often the answer is "no". In January 2019, the news contained details about famous cybersecurity claim that involved an insurance company denying the insured's $100 million dollar claim because the cyber-attack was determined to be an act-of-war, the matter ended up in court. The insured thought the cyber-attack they experienced was covered and was shocked to learn their insurance company classified their claim as an "act-of-war" and denied the claim.

Now I want to be clear; I am not going to name any specific company names because the intent of this article is not to embarrass, criticize, or reprimand any industry, company, or profession. In fact, it's quite the contrary; I am seeking to inform individuals or companies that are concerned about improving their IT security program and minimizing their risk by acquiring a cybersecurity policy that is effective and comprehensive enough to cover an actual cyber breach. In order for a cybersecurity policy to be worth cost the following things need to occur;

1. The company purchasing the insurance policy needs to perform a risk assessment that maps against a formal IT framework
2. The company purchasing the insurance policy needs to work with a reputable and knowledgable insurance agency
3. The company purchasing the insurance policy need to have a clear understanding of the coverages need to be obtained to meet its business mandates
4. The company purchasing the insurance policy needs to be aware of any gaps the cybersecurity policy they are purchasing has

Now, this brings me to the question asked in the title of this article: "Is Cybersecurity insurance worth the cost?" The answer is "yes", when the Cybersecurity policy purchased from a reputable Insurance company and Insurance Agent. The agent should clearly explain all of the coverages and explain any gaps and exclusions.

If any of the information in this article is confusing, or if your organization is needing more information about cybersecurity controls, cybersecurity risk, and risk assessments please contact me using the following link:

https://www.linkedin.com/in/mark-alvarado-mba-ceh-8715148/

If your company is needing cybersecurity insurance contact:

Elizabeth Alvarado at Brown & Brown Insurance, using the following link for quick access:

https://www.linkedin.com/in/elizabeth-alvarado-b415143/

https://www.instagram.com/elizabeth_brownandbrowntexas/