In today’s digital age, businesses are increasingly vulnerable to cyber threats such as data breaches, cyber extortion, and cyber-driven business interruption. In recent years, cyber insurance is a type of insurance that has grown in necessity to help protect businesses from these risks. Not long ago, cyber insurance was an expensive option and really only for large companies, but recently cyber insurance has quickly become as important as any type of business interruption insurance.
In this article I explore 7 things you need to know about cyber insurance, as well as where you can get immediate help if you require fast incident response should the worst happen.
1. The Basics
Cyber insurance policies provide coverage for financial losses and other expenses associated with cyber attacks. In this guide, we’ll outline the types of coverage offered by cyber insurance firms to companies large and small, and how they can protect your business from potential cyber threats, should the worst happen and you become a victim.
2. Coverage Overview
Inclusions:
Cyber insurance policies typically offer coverage for the following:
- Data Breaches: Coverage for costs associated with data breaches, including forensic investigations, notification costs, and credit monitoring for affected individuals.
- Cyber Extortion: Coverage for costs associated with cyber extortion, including ransom payments and expenses associated with responding to threats.
- Business Interruption: Coverage for lost income and extra expenses incurred as a result of a cyber attack that disrupts business operations.
- Network Security Liability: Coverage for costs associated with lawsuits and settlements resulting from a cyber attack that damages third-party systems or data.
- Privacy Liability: Coverage for costs associated with lawsuits and settlements resulting from a breach of personal information.
Policy Limitations:
As with any insurance policy, there are limitations and exclusions to cyber insurance. Some common exclusions include:
- Acts of war or terrorism.
- Attacks by state actors.
- Intentional acts of the policyholder.
- Failure to follow security protocols.
- Failure of prerequisite security policies or procedures or tech required in the policy.
- Acts of employees not authorized by the policyholder.
- Losses caused by third-party vendors.
- Third party damage (such as to customers and/or vendors).
- Intangible damage, such as in the media or social media, and
- Losses involving cryptocurrency lost, theft, hack, human error or rug pull.
With those limitations in mind, let’s look at the claims process.
3. Claims Process
No one wants to have to make a claim, but what is worse is thinking you are covered to recover your losses and then finding that the coverage or the process exacerbate the crime against you. You therefore need to make sure that you can make a claim if the worst happens. Not only must you be crystal clear on the inclusions and exclusions, but you must also have a thorough understanding of the claims process.
This isn’t always straight forward, as the claims process for cyber insurance varies by policy and insurance provider.
Typically, the policyholder must notify their insurance provider as soon as possible after a cyber attack. The insurance provider will then investigate the claim and work with the policyholder to determine the extent of the damage and the costs associated with the attack. The policyholder should keep detailed records of all expenses related to the attack to provide to the insurance provider.
4. Benefits of Cyber Insurance
There are several benefits to having cyber insurance. First and foremost, it can help protect your business from financial loss and reputational damage in the event of a cyber attack,
Second, cyber attacks can be expensive to recover from. They can bring down your business. The cyber insurance’s job is to stop a high impact event crippling your business, by providing not just financial support for your costs to secure and recover, but also to assist with other costs like forensic investigation and legal costs.
Having cyber insurance can help your business meet regulatory requirements for data protection and privacy.
Many businesses are now making it a requirement of joint venture partners and service providers to ensure they have good security and insurance procedures. No one wants to be vulnerable because a related third party ignored their cyber risks.
5. The Premium Costs of Cyber Insurance
The cost of cyber insurance varies depending on a variety of factors, including the size and type of business, the level of coverage needed, and the risk level of the business. Large corporate firms typically require higher levels of coverage and therefore pay higher premiums than smaller businesses. However, larger companies are also more likely to be able to afford sophisticated security features that lower their risk and therefore their premiums.
Recent data tells us that the cost of cyber insurance is coming down, as more data becomes available for the insurers actuarial models and for them to more accurately identify risk sources. However, cyber insurance is still expensive, but, much like you being glad for the fire coverage if your house burns down, the cost of the cyber insurance will be much less than the cost of recovering from a cyber attack.
6. Problem Size
Lastly, what is the size of the problem? The scale of cyber threats is significant and growing. In the United States, cyber insurance claims increased by 50% in 2020, with worryingly more than 77% of those claims coming from small to medium-sized businesses. The total cost of cybercrime in the United States in 2020 was estimated to exceed $4 billion.
In February 2023, the FBI reported that they had received:
- 21,832 Business Email Compromise (BEC) complaints in 2022 with adjusted losses of $2.7 billion. This is just one type of cyber insurance claim type, with others including,
- 2,385 ransomware complaints totalling $434 million,
- 32,538 victims of tech support impersonation, totalling nearly $0.9 billion,
- 2,795 data breach reports, totalling $459 million,
- 762 malware reports, totalling $9.3 million.
7. Who Provides Crypto Insurance in Their Cyber Insurance Policies?
You are advised to do your own research on who provides cryptocurrency insurance. At the time of writing, our research indicates that the follow insurers may provide some type of crypto insurance.
- AIG: AIG has been an early front runner for providing coverage for cryptocurrency-related risks. They’ve offered a specific coverage extension called “CryptoGuard” that provides protection against theft or loss of cryptocurrency assets,
- Chubb Limited: Chubb has built a presence offers in cyber insurance, and may include coverage for cryptocurrency-related risks for some clients. Again, their policy can cover theft or loss of cryptocurrency due to hacking or other cyber incidents.
- AXA XL: AXA XL has a history in developing insurance solutions for cryptocurrency custodians and other businesses operating in the crypto space. You’ll need to dig through their subsidiaries if you are to find one that provides cryptocurrency insurance as part of their cyber insurance policies.
- Lloyd’s of London: Lloyd’s of London has a sizeable marketplace for various insurance underwriters and syndicates. Some syndicates operating within Lloyd’s have started offering coverage for cryptocurrency-related risks, including theft or loss of digital assets. Again, you’ll need to dig into the marketplace listings to find a provided that covers what you need.
- Mitsui Sumitomo Insurance: Mitsui Sumitomo Insurance, a subsidiary of MS&AD Insurance Group, did partner with BitFlyer, a Japanese cryptocurrency exchange, to offer coverage for cryptocurrency theft to its exchange customers. Bitflyer was subject to a $1.2m fine for cyber security breach, so that might count against them.
- Coincover: Coincover is perhaps the most specialized insurance provider of this list, focuses on providing coverage for a reasonable range of cryptocurrency risks, including hacks and human error.
It’s worth noting that the availability and scope of coverage for cryptocurrency-related risks may be subject to certain conditions and exclusions. We strongly recommend you read the policies and fine print carefully to see what is and is not included.
Conclusion
In summary, cyber insurance is an important tool for protecting your business from potential cyber threats. It offers coverage for a variety of risks, including data breaches, cyber extortion, and business interruption. While there are limitations and exclusions to policies, the benefits of cyber insurance can help businesses recover from the financial and reputational damage caused by a cyber attack. If you’re serious about protecting your business from a threat that could mean its downfall, then it’s worth considering investing in cyber insurance to protect your business and your clients’ data.
Where does Rexxfield fit in?
Rexxfield does not offer or sell cyber insurance, but what we do see day in day out is the results of cyber attacks on businesses; extortions, malware and insider ‘rug-pulls’. On the one hand, businesses that have no insurance or their insurance doesn’t cover the action against them (such as when the insurer suspects an inside job) will contact us to seek our help to fight the insurance company to legitimize their claim. On the other hand, cyber insurance companies use us for first response digital forensics.
In short, we can:
- Undertake sophisticated and immediate digital forensics,
- Help rule in or rule out suspects by tracing digital footprints,
- Verify or otherwise statements from witnesses or suspects, where a digital trail exists to provide evidence,
- Ghost write subpoenas to extract data from phone companies, domain servers, hosting providers and social media,
- Provide expert witness statements and testimony on behalf of our client’s position,
- Provide expert technical support to lawyers, insurance investigators and law enforcement,
- We also have expert blockchain tracing specialists, so if your insurance needs involves crypto, we can trace where your crypto is across multiple blockchains and even through mixers.
Plus, with FBI (retired) agent John W. on our team, plus 14 years of experience working cyber crimes, Rexxfield has relationships with law enforcement all around the world.
Think of Rexxfield When You Think of Cyber Insurance
If you are in the market for cyber insurance, make sure you ask your insurer about the inclusions and exclusions, and who will undertake the digital forensics if the worst happens, to trace who did the breakin and where they are.
If you are a cyber insurance provider, who do you use to identify and trace the bad actor that has cost you your insurance payout? Rexxfield will find them and provide the evidence package necessary for them to be put behind bars, and hopefully help you and law enforcement recover any ransom or financial loss or payout that was incurred.
If you want to know more, ask to speak to me, Guy Snow, when contacting Rexxfield.
