Should Your Business Have Insurance Coverage Against Cyber Risks?
Data breaches are costly to businesses, both in terms of technology fixes and legal liability exposure. According to the Ponemon Institute of Traverse City, in 2007, businesses paid almost $200 per compromised customer record. That means that a breach involving 100,000 records, a relatively small number by today’s standards, cost nearly $20 million.
Nearly $400 million was spent in 2007 on premiums for cyber coverage, up by between $50 and $100 million over the amount spent in 2006. With new and larger data breaches being reported on a daily basis, and more lawsuits filed based on those breaches, many insurance companies are offering expanded coverage designed to protect businesses from cyber risks. AIG, for example, now offers the "netAdvantage Suite" including coverage for damages and defense costs associated with a lawsuit arising from a data breach, network business interruption and errors and omissions liability for IT professional services.
Determining whether cyber coverage is right for your business depends on a variety of factors specific to your business model, IT strategies and risk tolerance. Obtaining insurance coverage against cyber risks can be one element of a comprehensive information security program that also includes appropriate technology solutions and customized policies aimed at protecting your business and its electronic assets.