Feature: Cyber Insurance – What’s It All About?

August 2nd, 2019

Defendify’s article on cyber insurance was recently published on Cyber insurance is no substitute for a strong cybersecurity program, but it is an important consideration for you and your customers. Read our thoughts for cybersecurity providers here, and then check out the original article on

You do everything you can to protect your valued customers from cybersecurity threats, but as the cliché goes, there’s no such thing as 100% security. Despite best intentions and preventative measures, cybersecurity incidents can happen, so it’s important to be prepared.

Enter: Cyber insurance, a specific kind of business insurance you – and your customers – can implement to offset the financial strain and remediation burden of a cyberattack.

All About Cyber Insurance

On average, a data breach costs a small business $120,000 – and it’s typically not covered by general liability insurance. Cyber insurance policies can cover many of the costs related to a cybersecurity incident, often including:

  • Legal expenses
  • Computer, system, and network repair
  • Data recovery
  • Customer notification and protection
  • Lost revenue due to business downtime and interruption
  • Ransom payments demanded by cyberattackers

In addition to what is covered, cyber insurance also varies in who is covered:

  • First-party insurance covers costs to the insurance holder (e.g. lost revenue).
  • Third-party insurance covers the insurance holder’s liability to other parties affected by an attack (e.g. customers whose information was stolen).

Whether your customers choose one or both depends on their business. As a provider, you’ll likely want to consider both first-party and third-party insurance for your own business in case you do experience an incident.


Preparation, Not Prevention

Cyber insurance is part of a strong cybersecurity posture, but it won’t stop an attack from happening. Recovery from a cyberattack can be painful even with an insurance payout. There are intangible costs to consider, such as downtime, reputation damage, and loss of trust. And insurance won’t always cover 100% of the costs: there are limits and exemptions by situation.

The best bet is still reducing risk from the start – something that can only be accomplished with an ongoing, holistic cybersecurity program. The cyber insurance provider may even be more likely to approve a claim if it’s clear a strong preventative program was in place.


What’s Next?

Cyber insurance is an important financial safeguard that can ease the recovery process from an attack, and your customers may look to you for guidance. Here are a few steps to get started.

  1. Start the conversation: Explain the role of cyber insurance to customers and encourage them to discuss options with their insurance provider.
  2. Discuss and decide: Work with customers to detail risks to their business and how cyber insurance can help. Help them decide which incidents they’ll need covered and find the right package for them.
  3. Enhance protection: Be sure your customers have a strong cybersecurity program to keep their cyber insurance as a last resort only. And make sure that program covers critical aspects of foundation, culture, and technology.
  4. Update the Incident Response Plan: Help your customers update their Incident Response Plan to include their new cyber insurance policy, including details on when to contact the insurance provider and which incidents warrant a claim.


Read the original article on


Stay Safe,

Your Friends @ Defendify
