Why Cyber Insurance Isn’t a Substitute for Good Cyber Security Practices
Yet in recent times, we’ve experienced a growth in the cyber insurance industry as an option for businesses that are hoping to protect themselves from this threat. This has led some people to be lax with their security practices, but this should not happen under any circumstance. The logic behind this approach is flawed. Would you drive recklessly simply because you have car insurance?
Let us review cyber insurance and its benefits and drawbacks:
What Is Cyber Insurance?
Cyber insurance is a service which, in most circumstances, will reimburse you for costs related to a data breach or other forms of cyber-attack. It will often cover liability and services relating to the protection of those affected by the breach (credit monitoring services, for instance). Things such as notification costs, legal claims and some business losses might also be covered through a good policy.
It should also be noted that some policies might come with standards and stipulations (again, much like car insurance or building insurance). Most aren’t a complete form of protection, and as a small business owner should be wary for that reason.
Cyber Insurance Cannot Give You Back Your Reputation
The main reason cyber insurance isn’t a substitute for security is the fact that it can reimburse costs, but it can’t make people forget that a breach occurred under your watch, or that their information was put at risk after your business was trusted with it. A business’ reputation will suffer from a data breach, and while you can mitigate damage with openness and a guarantee of protection, customers will be unlikely to trust you with future business if you’ve already had a big lapse.
It Might Be More Cost-Effective to Simply Defend Yourself
Depending on the amount of data you need to protect, and the cost of the cyber insurance plan, it simply might not be the best option for you. Your business might not use too much data (or keep data) in its transactions. The cost could be prohibitive for a new business.
While you should never neglect your business’ cyber security, you might be better off having solid protections in place, instead of an expensive insurance policy. It is unlikely that you would spend more than $50 per month on great cyber security for your small business.
What Cyber Security Practices Do You Need?
Now that the downsides of cyber insurance have been revealed, there still remains the question of what practices a small company should have to prevent a data breach. While this is an extensive topic, your business can start with these basics:
- You should have a business-wide security suite that will prevent malware from infecting networks and devices. Your website should also have similar protections.
- Employees should be trained to spot scams and phishing attacks. Human error is the cause of the vast majority of data breaches, and cyber criminals will attempt human engineering before most other tactics (it’s far easier for them, especially since there’s usually someone at a business that will fall for it). Training should be updated every six months or as needed.
- A Virtual Private Network (VPN) or proxy should be used whenever business activities are involved outside of the office. Otherwise they could be at risk of data theft on unsafe public networks. The VPN will also allow for safe account access and communications.
What are your thoughts on cyber insurance? Do you think it is a good option for your business? Why or why not? Are you going to change any of the cyber security practices of your business? Please leave a comment below and share your thoughts.
Editorial Note: Any opinions, analyses, reviews or recommendations expressed in this article are those of the author's alone, and have not been reviewed, approved, or otherwise endorsed by any of these entities.