Cybersecurity is becoming an important board-level issue because hackers are getting more sophisticated and the cost of a successful cyberattack can bring a business to its knees. Consequently, CEOs and other business leaders should be demanding more visibility into what the company is doing to protect itself from cybercriminals.

Nearly all businesses can expect to be targeted by hackers at some point. Most businesses have robust security measures in place to prevent, detect and remediate these intrusion attempts. However, no matter how sophisticated the defence mechanisms are, there is always a chance that a sufficiently motivated cybercriminal will find a way in.

The consequences can range from financial losses to an inability to operate, and the knock-on effects can include significant damage to a company’s reputation, as has been seen in recent high-profile breaches. Some of the victims of these breaches have taken massive hits to their stock prices, which can be hard to recover from.

While it’s not possible to prevent every single attack from happening, businesses now have a way to mitigate the fallout of a successful cyberattack: cyber insurance. Cyber insurance is a form of insurance that can help protect organisations if they’ve been breached. It works like other types of insurance, such as theft insurance.

Cyber insurance is also known as cyber liability insurance. It’s important because general liability insurance or theft insurance policies tend to exclude cyberattacks. To be fully covered, therefore, a business needs to consider specialised cyber insurance.

These policies can cover legal fees and expenses associated with a successful cyberattack, especially if the attack falls under the government’s Mandatory Breach Notification Scheme, requiring the business to notify all affected parties of the breach.

Cyber insurance can also help cover costs associated with rectifying identity theft that customers may have suffered as a result of the breach, recovering compromised data, and repairing damaged systems.

There are three key aspects to consider when it comes to choosing cyber insurance:

  1. Requirement

    If the nature of the business is such that a cyberattack is unlikely to have a significant effect on its ability to operate, then there may not be much value in cyber insurance.

    However, if, like most businesses, the organisation would lose money and time, and suffer reputational damage as a result of a cyberattack, then cyber insurance makes sense to help recoup those losses.

  2. Budget

    As with any form of insurance, it makes sense to get the highest level of cover possible within the available budget. If budgets are limited, some insurance is better than none.

  3. Risk

    Before choosing a policy, it’s important to understand both the actual risk of being successfully attacked and the potential repercussions of an attack.

    Only by calculating the risks and costs can business leaders get a true sense of the level of cover they may need.

    Having strong security measures and approaches in place can reduce the cyber insurance premiums a company must pay, and it can increase the chance of a successful claim if a cyberattack succeeds.

Cyber insurance is only just starting to gain traction in Australia. Understanding what policy is right for a business can be complex. Business leaders should approach cyber insurance the same way they’d approach other risk management measures: by getting expert advice and information, then weighing the cost of doing nothing versus the cost of insurance.