Is Cyber insurance really necessary?

Yes, it should be a core coverage every business has with the cost of cyber incidents often exceeding several million dollars when you include the cost of lost data, the costs to restore your systems, the cost to notify and insure thousands of affected customers, damage to your reputation, etc.

What does DataStream cover when my business suffers a cyber attack?

DataStream pays to get your technology and business back up and running; covers costs suffered while your systems are down, helps pay to harden your systems, covers liability from confidential data losses and damage to other businesses, and helps to repair your reputation.

What does cyber insurance actually do?

Think of cyber insurance like car insurance – even if you have the best technology on the market, or you drive the best car, sometimes in life something will suddenly appear that you can;t defend yourself against. In a car, it could be another driver pulling out unexpectedly at a crossroads, and giving you (and your car’s technology) no time to react. The car’s technology might save your life, but without the insurance how will you pay for the car to be replaced so you can continue on your journey. Cyber insurance is there to do the same. If, and it is an if, you get hacked or breached by cyber criminals, cyber insurance is there to help pick up the pieces and get your business back up and running again. It’s helps cover the costs of things like data loss, replacing technology, legal fees and all the other issues a cyber attack causes. Read more about our coverage here.

We're here to help!

Q: I already have good cyber security, why do I need cyber insurance on top of it?

Even with the best cyber security, falling victim to a cyber attack or data breach is not a question of IF but WHEN. Cyber attacks have increased by 574% in 2020, with 73% of attacks targeting small businesses. Good cybersecurity helps reduce the likelihood of an attack, but it doesn’t eliminate it. Cyber insurance acts as a last line of defense, assuring that your business will survive and recover if a cyber incident does happen.

Q: How much cyber insurance coverage do I need?

There’s no one-size fits all approach – because every business is different and so the costs involved in supporting you to get back on your feet after an attack are individual to your business. At DataStream, our focus is firstly, on supporting you and your business, with the help of your cyber security technology Managed Service Providers (MSPs) to be more resilient before an attack ever happens. But as part of that process, we also work with you to understand your risk profile, and what you would need if attacked, and we work the policy out that way. By partnering with you and your technology providers, we can more intimately assess the level of support you need, so you get everything you require, without paying a cent more than you need.

Q: How can I reduce the cost of cyber insurance?

The key thing here is only to reduce your premium cost, rather than reducing your cover. At DataStream we work with you and your MSP to constantly assess and improve your cyber resilience, by assessing your tech stack against known threats and supporting in areas like staff training – for example helping colleagues understand the threat posed by phishing emails. Because we, uniquely, work as partners in the cyber security sector to increase resilience, and because we are able to more accurately understand your risk, we are able to correctly price our policies to accurately reflect your business – thus lowering your costs.

Below you’ll find answers to frequently asked questions about cyber insurance and DataStream.

What’s the benefit of working with a cyber insurance specialist like DataStream?

Cyber insurance isn’t like the rest of the insurance market.

You need to understand cyber security, technology, the unique cyber insurance products, privacy laws and data related laws. We often equate it to a specialist in the medical field. Your family doctor is great for your general medical issues. If you need heart surgery, you find someone who specializes in that area of medicine.

How can I reduce the cost of cyber insurance?

Our focus is on reducing your premium costs without compromising coverage. At DataStream, we collaborate with you and your managed service provider (MSP) / IT provider to continually assess and enhance your cyber resilience. We evaluate your tech stack against known threats and support your business with initiatives like staff training on recognizing phishing emails and other threats.

By partnering closely in the cybersecurity sector, we better understand your risks, accurately price our policies, and help lower your costs.

What is the process for obtaining cyber insurance with DataStream?

Here is the process of working with us:

Fill out & submit an application.
If necessary, we work with your IT provider to address any outstanding cyber security issues so you can get the best pricing.
We send you quotes from 40+ carriers and help you compare those options.
Then, you will bind the best quote that fit your needs with us.
Congratulations! Your business is now protected with cyber insurance.

I already have good cyber security, why do I need cyber insurance on top of it?

Even with the best cybersecurity measures, falling victim to a cyber attack or data breach is increasingly likely.

In 2022, the cost of a data breach averaged $4.45 million globally, marking a 15% increase over three years. Moreover, 58% of malware victims were small to medium-sized businesses (SMBs), and cyberattacks against small businesses surged by 424% in the last year alone (Varonis Data Security) (Packetlabs) (Hacked.com).

Effective cybersecurity reduces the likelihood of an attack but cannot eliminate it entirely. Cyber insurance acts as a critical last line of defense, ensuring your business can recover and survive if an incident occurs. It provides financial protection and support, covering costs associated with data breaches, legal fees, and recovery efforts. This makes cyber insurance a vital component of comprehensive cybersecurity strategy (Varonis Data Security) (Packetlabs) (Hacked.com).

How does DataStream specifically work with my IT partner?

We partner directly with your IT partner to make sure that your technology and overall cyber security strategy is aligning to what the insurance market sees as the most effective cyber security efforts. We see tremendous benefits from taking a team approach with having your experts in technology and insurance working together.

How does cyber insurance fit into overall cyber risk program?

A comprehensive cyber risk program includes three main areas:

Cyber security technologies and services that are often handled by an IT department or an outsourced IT vendor like an MSP
Compliance-related activities that align to an organization’s speciﬁc industry
Cyber insurance that ensures the company doesn’t face the losses in case of an attack

Ideally, these three areas work together, but cyber insurance often acts as the “defacto” regulator and sets the standards an organization should meet in technology and the compliance areas.

Insurance in particular is very good at measuring risk, and the suggestions and requirements are a very good measure of what ultimately will keep an organization safer.

How can I avoid cyber insurance pitfalls?

Five Steps to Avoid Cyber Insurance Pitfalls:

Firms don’t know why they need cyber insurance.
- Don’t let your thinking get WARPed…
  - Wrong: Assuming security takes place of insurance.
    - It doesn’t! The best security tools and teams will still have a chance of failure.
  - Application: Applying for insurance is too complicated & confusing.
    - Not with the right cyber insurance specialist! With DataStream, it’ll take 15-20 minutes to get quotes from 40+ carriers!
  - Risk: Assuming your business is too small to be hit.
    - You aren’t! Obscurity isn’t security. SMBs account for 98% of cyber insurance claims.*
  - Price: Cyber Insurance is too expensive.
    - Not for most SMBS – 80% of firms can get $1M in coverage for $900-$2400!
Firms don’t know what they need.
- Common Mistakes When Choosing Insurance:
  - Not understanding policy exclusions.
  - Assuming all cyber policies are the same.
  - Comparing policies solely by price.
  - Overlooking policy sub-limits.
  - Not knowing specific coverage needs.
  - Believing general liability policies cover cyber risks.
- Result of Mistakes: Choosing an insurance product that doesn’t fit the business.
- Preparation Tips:
  - Conduct a Business Impact Assessment (BIA) to identify key coverage needs.
  - Review current cyber coverage (add-ons, endorsements, warranties, standalone policies).
  - Ensure coverage includes key areas and consider a minimum limit of $1M.
  - Understand the policy limits typically chosen by peer companies.
Firms aren’t ready to apply.
- Insurance companies price risk by how likely you are to have a cyber event & how severe events will be if one happens. You look like a ‘bad risk’ if…
  - you’re missing key cyber security technology controls.
    - Failing to prioritize proactive cyber security
    - Ignoring free cyber risk resources offered by vendors
  - And you’re missing key personal processes, training, & plans.
    - Overlooking employee training and awareness
    - Neglecting incident response or disaster plans
  - This will lead to fewer quotes and higher prices.
    - Especially when applying for policy before mitigating key risks
Firms struggle during the application process.
- You should now be in the easy part! If you…
  1. Know the importance and value of cyber insurance.
  2. Know your business and cyber insurance basics, so you know what coverage you need.
  3. Already have the right basic cyber security technology and cyber security people/processes/plan in place.
Firms don’t stay on top of their risk.
- Once you have the right policy in place, two key things to remember:
  1. Maintain your cyber posture.
    - The #1 reason (aside from incorrect applications) that claims are denied comes from firms failing to maintain the cyber security they originally had in place.
  2. Keep aware of a changing landscape.
    - What fits your business this year, might change next year. Make sure to revisit your risk when renewing.

Download “How to Avoid Common Cyber Insurance Pitfalls” infographic here: How To Avoid Cyber Insurance Pitfalls (Downloadable Infographic).

What is cyber insurance?

Think of cyber insurance like car insurance. Even with the best technology or the safest car, unexpected events can happen.

In a car, another driver might pull out unexpectedly, leaving you no time to react. The car’s safety features might save you, but without insurance, how would you pay for the repairs? Cyber insurance works similarly for your business.

If you’re hacked or suffer a data breach, cyber insurance helps you recover by covering costs like data loss, technology replacement, legal fees, and other expenses a cyber attack can cause. It ensures your business can get back on track after an incident.

Read more about our coverage here.

What other services does DataStream offer?

If you work with DataStream, our team will:

Review your existing cyber security tools, technologies, and posture
Help you to put together an incident response plan
Measure your overall cyber risk
Help you to put together a business impact assessment
Run mock cyber incidents
Provide an analysis of how you compare to other organizations in your industry from a cyber risk perspective

How much cyber insurance coverage do I need?

There’s no one-size-fits-all approach to cyber insurance. Every business is unique, and the costs involved in supporting you after an attack are specific to your situation.

At DataStream, we focus on supporting you and your business, working with your IT provider / Managed Service Provider (MSPs) to enhance your cyber resilience before an attack occurs.

We also work with you to understand your risk profile and what you would need if an attack happens. By partnering with you and your IT provider, we can accurately assess the level of support you need, ensuring you get the right coverage without overpaying.

What does cyber insurance cover?

A good cyber insurance policy is going to cover the vast majority of technology related incidents including:

Ransomware
Business interruption related to cyber attack
The cost related to losing or having records stolen
The theft of money by electronic means
Notiﬁcation expenses if you lost private or conﬁdential customer data
PR and reputational damage
Fines and penalties charged by organizations
The incident response costs related to these activities
The legal costs associated with these incidents

What types of coverage are there?

In essence there are two kinds of coverage you need – although at DataStream we don’t exclude either from every policy we sell.

Firstly, there is first-party coverage – in other words, the damage done to your business. DataStream has broad first-party coverage ensuring we cover losses and damages done to your company’s computers, networks, IT systems, data, and business (things like reputational damage or the need for external services like legal) resulting from a cyber attack.

The second element is third-party coverage – or damage done to third parties you work with or serve – like customers. Here, again, DataStream offers comprehensive third-party coverage including losses or damages like data loss or stolen information.

How extensive is your network of carriers and product offerings?

We work with 40+ carriers, and many have multiple products, so there are dozens of potential options.

What are some common cyber insurance myths?

Myth: Cyber Insurance Covers All Cyber-Related Losses

Fact: Cyber insurance policies typically cover specific types of incidents, such as data breaches, ransomware attacks, and network failures. However, they may not cover all cyber-related losses, especially if the policyholder has not met certain conditions, like maintaining basic cybersecurity practices. Additionally, indirect losses like reputational damage may not be fully covered.

Myth: Cyber Insurance Doesn’t Pay Out in The Event of an Attack.

Fact: According to the Insurance Information Institute, 97% of those insured said their cyber insurance was adequate to cover their incident costs.

Myth: Having Cyber Insurance Means You Don’t Need Cybersecurity Measures

Fact: Cyber insurance is not a substitute for strong cybersecurity practices. In fact, insurers often require businesses to have certain security measures in place to qualify for coverage. Without adequate cybersecurity, businesses may face higher premiums or even denial of claims. Cyber insurance should be part of a broader risk management strategy that includes robust cybersecurity practices.

Myth: Cyber Insurance Policies Are All the Same

Fact: Cyber insurance policies vary widely in terms of coverage, exclusions, and conditions. It’s crucial for businesses to carefully review and understand the terms of their policy to ensure it meets their specific needs. Customization is often possible, allowing businesses to tailor coverage to address their unique risks.

Myth: You Can Get Cyber Insurance After a Breach

Fact: Cyber insurance is designed to protect against future incidents, not to cover losses from incidents that have already occurred. If a business tries to obtain coverage after experiencing a breach, they are likely to be denied. It’s important to have insurance in place before an incident happens.

Myth: Small Businesses Don’t Need Cyber Insurance.

Fact: Small businesses are increasingly targeted by cybercriminals because they often have weaker security measures. Cyber insurance is essential for businesses of all sizes to protect against potentially devastating financial impacts from a cyber attack. In fact, small businesses are often less equipped to recover from such incidents without insurance.

Myth: You Don’t Need Cyber Insurance If You Invest in IT Security.

Fact: 95% of successful cyber attacks and incidents are the result of human error: an employee can still click on a malicious link even if you provide training and security measures.

Myth: If You Don’t Collect Sensitive Data, You Don’t Need Cyber Insurance.

Fact: All of your data is important to your business, and data breaches can incur financial losses, including damage to customer trust.

Myth: My General Liability Policy Will Protect My Company.

Fact: Cyber insurance exists because it fills in the holes that traditional insurance policies have been unable to fill. Some policies offer limited coverage for data theft, but they don’t tend to cover first party costs associated with responding to a breach.

Myth: The Business Being Attacked is The Only Party That Can Suffer Losses.

Fact: If a business is attacked, it could lead to disruptions in its suppliers’ operations or affect downstream partners, resulting in financial losses for those entities as well.

What are some common cyber insurance pitfalls?

Common pitfalls in cyber insurance often stem from misunderstandings or gaps in coverage planning.

Here are some common cyber insurance pitfalls:

Working with a generalist that doesn’t specialist in cyber.
Assuming cyber attacks won’t happen to small businesses.
Failing to tailor the policy to specific cyber risks.
Overlooking what the policy doesn’t cover.
Not realizing policies vary widely.
Lacking proactive measures raises premiums.
Mistakes in applications may void claims.
Not preparing for incidents increases recovery costs.
Neglecting coverage adjustments as risks evolve.
Not consulting IT leads to misaligned coverage.
Not understanding your coverage needs.
Comparing policies based purely on price.
Not understanding a policy’s sub-limits.
Ignoring free cyber risk resources offered by vendors.
Applying for a policy before mitigating key risks.
Assuming security takes the place of insurance.
Price of insurance costs too much.
Applying for insurance is too complicated and confusing.
Overlooking employee training and awareness.
Failure to maintain.
Thinking other general liability policy covers cyber risk.
Policy won’t pay out.

Download the common cyber insurance pitfalls infographic here: Common Cyber Insurance Pitfalls (Downloadable Infographic).