Hacker and Cyber Insurance 101

Let’s talk about insurance and what it’s actually intended to do. According to Google’s dictionary, insurance has two meanings:

1. A practice or arrangement by which a company or government agency provides a guarantee of compensation for specified loss, damage, illness, or death in return for payment of a premium.
2. A thing providing protection against a possible eventuality.

From the definition, we can gather that insurance is protection. Insurance does not replace anything or anyone; it is there to provide assistance when an event occurs. This is a common misconception about insurance. Insurance does not always replace 100% of the losses caused by an event – whether that be life insurance, car insurance, health insurance, or any other type of insurance.

One of the more recent types of insurance that companies are purchasing is hacker or cyber insurance. Some companies think that by purchasing this type of insurance, they will be protected from hackers. This is not the case. In fact, Heartland Payment Systems faced a huge loss in 2009 from a massive data breach. Heartland Payment Systems thought that their $30 million cyber insurance policy would completely cover their company in the event that a breach occurred. The total cost of the data breach was $139.4 million. Heartland Payment Systems did recover their $30 million insurance policy; however, they were still hit with an additional $109.4 million in expenses from the breach. Keep in mind that Heartland Payment Systems also has to pay yearly premiums for the policy as well as a deductible to file the claim and collect the $30 million policy.

With any type of insurance, companies pay yearly premiums. The $30 million that Heartland Payment Systems received was due to a yearly premium that they paid. To give you an idea of how much premiums cost, Unbrokerage provides a $100,000 policy for $250 per year. In the event that there is a need for a claim, there is a $1,000 deductible.

Let’s do some quick math. If you had the policy for 4 years before the breach occurred, here is how much your company would actually receive:

($250 × 4 years) + $1,000 deductible = $2,000
$100,000 insurance policy – $2,000 cost = $98,000

Your company would actually receive a benefit of $98,000. In essence, you did profit since you only paid in $2,000. Furthermore, according to IBM’s 2016 Cost of Data Breach Study, the average cost for 2016 was $3.8 million – $4 million. The $98,000 isn’t looking very beneficial anymore and is less than 3% of the total cost of the average data breach in 2016.

One last topic to note is that just like homeowner’s insurance and car insurance, not all events are covered by cyber insurance.

Insurance is not there to replace your network security; it is merely a supplement. It is there to assist you in the event that a cyber-security breach or hack occurs. The Assistant Director of the FBI’s Cyber Division states: “You’re going to be hacked. Have a plan.” What is your plan? Your plan should not be cyber insurance. Your plan should be security measures that prevent even the remote possibility of a breach. One of those security measures should be to have a system in place to prevent weak passwords. Be sure to check out the nFront Password Filter for more details.
