[print-me target="div#id_of_element_to_print" title="Print Article"]

Since we are in the business of creating secure networks, we often run into prospects who are deliberating how to spend their data security dollars. Network security is by no means cheap, and we have experienced customers who have made the decision to buy cyber liability insurance or data breach insurance rather than the network solutions that would protect them from the very incidents that liability insurance covers. While we certainly encourage customers to insure themselves from data loss – it is an obvious element of smart cyber liability protection – it does not render data security measures as unnecessary.

First, be aware that data breach and cyber liability insurance is still relatively new kinds of coverage. They are still rather loose in what might get covered, and they are likely to change dramatically as actuarial tables draw data about network security breaches and the real costs involved. That, along with developing laws requiring data protection in various industries, the cost of data breach coverage will likely increase in the near future. Furthermore, insurer’s requirements on the business to have certain security measures in place before they will risk coverage is likely to come soon.

Data Assets: What’s it Worth to You?

A company’s data assets include the trade secrets, proprietary intelligence, and the personal and purchasing information of customers. If any of these are compromised or stolen, will insurance be sufficient to meet the needs of remediation and restoration? Let’s take a critical look to see what insurance covers, and what might be the cybersecurity counterpart that is able to prevent the data breach in the first place.

The properly protected network that we suggest would include the following:

Network Protection

A cloud security platform can eradicate threats and malware from entering the business network, and  it is able to protect your company’s users wherever they go on the internet. Cisco Umbrella does this by using the internet’s infrastructure to block suspicious destinations before a connection is even established.

Advanced Malware Protection

Practically all networks have a multitude of endpoints connecting into it. Everything from personal cellphones to the office’s air conditioning thermostats interact with the main network, and every point is a potential malware infection point. An advanced malware protection solution, like Cisco’s AMP for Endpoints, prevents breaches and blocks malware at the point of entry. It rapidly detects, contains, and remediates advanced threats that evade front-line defenses, and it becomes familiar with new threats so it can continue to guard the network from future threats like it.

Unauthorized User Prevention

If a business invests in a network dual-authentication solution like Cisco Duo, this will dramatically impede the ability of hackers and outsiders to access the network.

Cloud Backup

This is a strategy of keeping a secure copy of all data at a third-party service provider. It usually includes both the software and hardware necessary to protect the organization’s data. Costs depend on volume of data stored. Because they are kept outside the office network, they can be made secure against ransomware attacks.

Data Governance

If someone should still gain access to a network with a mind to compromise it, being able to pinpoint irregular activity immediately and shut it down is critical. Data Governance is the strategy that allows for this. Small businesses can make use of a service within MS Office 365 to have data governance. There are several solutions available for enterprise-level corporations, with the best solution being the one that is able to manage the scope of the network. In a nutshell, a data governance solution is able to detect irregular activity the moment it happens, and can immediately disable a compromised account, kill active sessions, and isolate behavior. Data governance is also able to classify which data in the network is sensitive, whether it was modified, whether there were unauthorized permission changes executed on it, and more.

What Will Insurance Cover?

Data Breach and Cyber Insurance will cover a lot… for a price. We reached out to our friends at Creekside Risk Management to share with us a quick overview about the many liabilities of a data breach event that insurance can cover. We also want to provide, alongside this list of insurance liabilities, a common-sense understanding of what insurance can and cannot recover, and what liabilities might be avoided altogether with proper security in place:

Computer Network Repair

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network?
With Network Protection, Advanced Malware Protection, Unauthorized User Prevention and Data Governance:
If malware or a bad actor is able to make it into a properly secured network at all, having these defenses in place will mean that the area compromised in the network will be minimal. This means network repair will be, likewise, minimal.

Consumer Notification Costs

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network? 
Having a properly secured network minimizes the risk of consumer data ever being compromised. In the event of a breach, having the above security in place would make the breached accounts relatively minimal. 

Data Restoration Costs

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network?
Restoring data that has a proper cloud backup will be a relatively easy experience.

Fines (Credit Card Companies and Government)

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network?
Having a properly secured network minimizes the risk of facing fines.

Legal Fees

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network?
Having a properly secured network minimizes the risk of legal fees resulting from data security negligence.

Business Interruption Costs Due To Data Breach

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network?
With Cloud Backup in place, data can be restored quickly. While a business without a properly secured and backed-up network can suffer weeks of business interruption while restoring its network, a properly secured network can potentially be back up within hours.

Forensic Investigation

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network?
If Data Governance is in place, it will be able to well assist any ensuing forensic investigation.

Losses Resulting from Extortion

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network?
With Data Governance in place, the compromised network area should be very small. With Cloud Backup in place, compromised data can be restored.

Losses of Intellectual Property

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network?
Network Protection, Advanced Malware Protection, and Unauthorized User Prevention work together to guard all intellectual property in the system. If intellectual property is stolen without proper network security in place, it will likely be impossible to trace who stole it and who it may have been sold to. Insurance cannot undo this.

Having Data Governance means your system is equipped to keep an audit trail on all interactions with intellectual property, thereby deterring actors – both outside the company and inside – from getting away with intellectual property theft. If they do, you will know who, what, when, where, and how.

Reputation Damage and the Resulting Loss of Business

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network?
No amount of insurance can erase the damage of lost business, nor can it cure the reputation lost by not adequately protecting customer personal information. Having a properly secured network minimizes the risk of consumer data ever being compromised. A business that cares about its customers will care enough to invest in proper security.

Third Party Losses

Covered by Insurance?  YES ***

If Also Protected by a Properly Secured Network? 
Suppliers, Vendors, and Partners are benefited by your strong and secure network, resulting in stronger relationships with them.

Cost of Finally Implementing the Correct Data Security

If proper network security was not in place before the threat incident, chances are you have already spent quite a lot of money now on digital remediation services, even with the financial help of insurance. Furthermore, you will now be aware that much of the technology used to help you recover from the cyber attack is the same technology you would have had if you had secured your network in the first place. Furthermore, at this point you will feel the strong urge to equip your business with sufficient network security, if you have any money left.

*** Agent Laura Vasquez of Creekside Risk Management cautions:

…while each one of these exposures CAN be covered by insurance, this does not mean that each IS covered under every policy. To ensure each of these items are covered, it is important to have your agent review these specific coverages to see if they are included in a Cyber Crime Policy, Cyber Endorsement or Cyber Policy Enhancement Package.

It’s our recommendation that the agent get written (if possible) confirmation from an underwriter or claims adjuster prior to binding a policy to ensure your risk exposure fears are indeed protected!

Again, we want to stress that having complete confidence in the security of your data requires a both/and approach to the Cyber Security/Cyber Insurance debate, rather than an either/or approach.

Most businesses that invest in correct IT Security will have the advantage of effective malware protection and proper encryption, and they will also have proper policies put in place. That will give the business the visibility needed to effectively manage their network with all the actors using it, and piece of mind to have a completely restored system, and restored finances, should the unthinkable happen.

Contact Us

If you have specific questions regarding the protection of your business & system data, contact Secure Networkers and let us help. The strongest businesses invest in the strongest defenses. They prepare fortifications against both internal and external threats. A good provider of outsourced IT services can assist with any or all of these solutions.

%d bloggers like this: