But cyber is still a relatively new market, and can be made unnecessarily complex by industry jargon, buzzwords of the day, and a lack of standardization in policy wordings. As such, many companies find themselves confused about how cyber insurance actually works and are skeptical about whether it makes sense for their business to purchase a policy.
To clear up the confusion, here are six of the most common misunderstandings that businesses tend to have about cyber insurance and how to overcome them.
-
The myth: We don't need cyber insurance because we invest in IT security
The short answer: No matter how much a company invests in IT security, they will never be 100% secure. The purpose of an insurance policy is to respond in the event that the worst happens.
-
The myth: We outsource all of our IT, so we don't have an exposure
The short answer: Even if you outsource your IT, the chances are you’re still liable. Assuming you’ll be successful in claiming back damages from a third-party is a risky gamble.
-
The myth: We don't collect any sensitive data, so we don't need cyber insurance
The short answer: Any business that relies on a computer system to operate, whether for business critical activities or simply electronic banking, has a very real cyber exposure.
-
The myth: Cyber attacks only affect big businesses, so we're too small to be a target
The short answer: Cyber criminals target the most vulnerable companies, not just the most valuable.
-
The myth: Cyber is already covered by other lines of insurance
The short answer: Some overlaps exist (as they do with all lines of insurance) but traditional insurance policies lack the depth and breadth of standalone cyber cover, and won’t come with experienced cyber claims and incident response capabilities.
-
The myth: Cyber insurance doesn't pay out
The short answer: The number of cyber claims continues to rise, in terms of both frequency and severity, and insurers are paying them.