Cyber insurance
When certain risks arise in society, insurers will soon develop products that cover those risks. The development of digitisation and the associated resilience of companies is no exception. That is why more insurers have been offering cyber insurance in recent years.
How do you know whether cyber insurance is useful or of added value to you as an entrepreneur? Or which insurance is right for you? In this article, you will find several questions and answers that can help you, and we list a few concrete steps that you can take when considering cyber insurance.
What is cyber insurance?
There is no uniform definition of the term cyber insurance. With an insurance policy, an entrepreneur basically pays a premium to an insurer, whereby the risk is transferred from the entrepreneur to the insurer. Cyber insurance is insurance that can cover direct or indirect damage that you incur to or through digital components of your company, for instance if you become a victim of ransomware or theft of company or customer information. A problem specific to cyber insurance is that insurers use different definitions. So, be aware that the coverage, service, and premium can differ per insurer.
Why cyber insurance?
Whether you need cyber insurance depends on what you want to protect. Do check whether you are already insured through other insurance policies. In the policy conditions of your existing insurance policies, you should be able to find whether damage in, to or caused by digital systems is covered.
The added value of cyber insurance will increase if you depend on digital systems for your business operations. Or perhaps your customers or suppliers request it, because the products or services you sell increase any risk. Or because you have specific knowledge (intellectual property such as designs). So, the basic question is: what risks do you want to insure? Think of risks that have a high impact but do not occur often. In the physical world, you can think of fire or theft. If it happens, the costs often add up quickly. Ask yourself if you can bear the risk yourself, or whether you cannot (or do not want to). In the latter case, cyber insurance can add value to your business.
What is covered by cyber insurance?
The consequences of a cyber incident can take various forms. As mentioned, it is important to determine what you want to insure and what risk you can and want to bear. The costs of an incident can quickly add up. Cyber insurance can cover:
- Direct costs of a cyber incident: including repairing or replacing hardware and software, restoring data, retrieving information, and rebuilding the administration. Direct costs also include hiring specialists for repair, and loss of (production) hours or turnover.
- Indirect costs: including reputational damage, fines from regulators (e.g., GDPR fines), and compensation to victims.
Insurers can also offer services related to cyber incidents, such as:
- Awareness, knowledge, and skills for the entrepreneur or staff. For example, through offering support with online training.
- Incident support: for example, a 24/7 emergency centre and technical support.
- Legal support: for example, in the event of data breaches under the GDPR.
- Forensic services: finding out who is behind an attack.
To be eligible for insurance, some insurers first want to know whether you have taken security measures. Sometimes, insurers ask you to perform a risk scan for your company. It is also possible that an insurer requires certain settings, such as having a virus scanner or firewall. Whether such requirements are imposed differs per insurer, and they will be part of the policy conditions. If you have completed a certification process on information security, then arranging cyber insurance can be easier.