Last Updated: 2019-08-25 21:05:41 UTC
by Guy Bruneau (Version: 1)
I recently was reading an article about Cyber Insurance and got intrigue on the type of coverage offered. Recovering from a Cyber attack can be very expensive and cyber security insurance offers the ability to transfer some of the risks to an insurance company. Some estimates that 1 in 3 company currently have cyber insurance. Then I found this presentation  that identified 10 misconceptions about Cyber insurance and provided an answer about each of them. I found very interesting the #1 Objection "We outsource our IT Services" and one of the 3 answers is even if the data is outsourced, "Legal responsibility CANNOT be transferred by contract", it is the data the company has been entrusted to protect.
I started looking around and found several companies offering various type of coverage that range from:
- Covering direct costs responding to an incident
- Lawsuits or claims resulting from a cyber incident
- Reputation management
- Regulatory fines payments.
The policy cost will vary according to several factors such as the industry, the company size, past claims (if any), security in place, etc.
For example, Equifax 2017 data breach cost them an estimated 1.4 billion  and they had only $125 million covered by insurance. In the past, this type of breach would have probably bankrupt the business.
I tried one of the Cyber insurance website to get a basic quote for a small IT company with 1 million in liability and the annual cost is $885 per year. Here is the result: