Page 122 - Cyber Defense eMagazine for September 2020
percent of ransomware victims had antivirus protection. Unfortunately, in some cases, prevention is not
enough.

What is cyber liability insurance?

Cyber liability insurance is a specialty insurance line intended to protect businesses (and the individuals
providing services from those businesses) from Internet-based risks (like ransomware attacks) and risks
related to information technology infrastructure, information privacy, information governance liability, and
other related activities. These types of threats are generally excluded from traditional commercial liability
policies or are poorly defined. It’s often a logical step in protecting data once an organization has already
put in place the necessary and recommended security and privacy protocols to protect against data theft.

Does my organization need cyber liability insurance?

Despite being the primary target for most ransomware attacks, 80 percent of SMBs do not have cyber
insurance protection. Many SMBs falsely assume they don’t need the coverage if they don’t do payment
transactions. But the reality is that cybercriminals are using social engineering and phishing scams to
steal personally identifiable information (PII) and to gain access to networks and accounts. This type of
loss can create liability for the company and require expensive forensics and remedial actions – including
alerting thousands of customers by mail and purchasing identity theft protection for them after the fact.
And if hit by a ransomware attack, for example, it can mean total lockout of data sets, systems,
accounts and more (if proper backup protocols are not in place) – that cost can be catastrophic.

What coverages does my business need (and what does it cost)?

The amount of insurance needed truly depends on your business size. For many SMBs, $100,000 is often
enough. However, when evaluating the amount of coverage, it’s wise to remember that the cost of a
ransomware attack is often more than just the ransom itself. For example, one 50-employee company
was hit by a ransomware attack, which cost them $6,000 in ransom. However, it also cost $15,000 for
forensics, $20,000 in legal fees, $12,000 in fines, and $20,000 in data recovery. While the initial sum
demanded was manageable, the total expense was more than $73,000. The cost of the policy itself can
range from a few hundred dollars up to several thousand dollars a year, depending on requested
coverage.

What exactly does it protect the company from?

Most policies protect from e-theft, ransomware, telecommunications theft, and social engineering fraud.
Social engineering fraud refers to an employee’s transfer of money or securities to a person or account
beyond the insured entity’s control. This coverage can help protect the organization from cybercrime generated
within the infrastructure of the business (insider threats). Having insurance that protects the organization
from both internal and external threats is the best way to ensure an unforeseen incident will be covered.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.

