Does it Pay to Have Cyber Insurance for Your Organisation?

One of the downfalls of society is how everyone is always looking for an easy way out or for a scapegoat on which to place the blame. Regardless of the subject matter, we are anxious to find that loophole that shows it is not as it has been presented.

One area where this has become more visible than others has been in technology, where convenience and cost have become the drivers for a better business model. It seems as though we will do absolutely anything and everything in order to increase profits and revenue.

Most recently, digital security spaces have stepped up to get ahead. Thus, cyber insurance has become the popular trend. This is giving businesses the opportunity to step up, make an investment and insure their operations against Internet crimes.

Buyer Beware!

However, those purchasing insurance need to look at all the information and be aware of what the policy does and does not do. Just like other kinds of insurance, cyber insurance policies have fine print, caveats and legal jargon that can keep the insurance company from paying out on a claim.

An example of another insurance fad is pet insurance. While pet insurance is advertised to cover veterinarian bills and similar pet-related expenses, it can be a waste of time and money. If the pet needs a procedure that is not predefined or the problem is an unknown ailment, the insurance company will deny the claim.

If you currently have business insurance, you are probably already aware that there is a fine line between a claim being approved and paid and a claim being denied. So it should not be surprising to learn that the fine print for digital security insurance is intricate and lengthy. Going through all the jargon can be complicated and time-consuming.

The Details About Protecting Data

Basically, the fine print comes back to telling you how well you are protecting your data. If you are correctly protecting your data and organisation, you have significantly reduced the odds of being hacked. But, if you are hacked and your business is down for two days, have you worked hard enough to prevent the problem so the insurance company will pay the claim?

There are catches that come along with many things, and in this case, the catch is probably that you haven’t done enough to prevent the problem, according to the insurance company. You may think you have been adhering to the guidelines, but the insurance company will find a loophole somewhere.

Your business was down for two days, you have had 25 employees sitting there unable to do anything for two days and your business has not sent an invoice, placed an order or processed any sales for two days. You have lost thousands of dollars, but the insurance company doesn’t think you deserve payment.

In this case, the fine print tells you that you have to be down for three days before it warrants an insurance payout. To complicate matters further, you are required to complete a 12-page detailed report about what happened, complete all of the proper forms and papers, then explain that you had done everything the policy required in order to protect your organisation.

We Found the Loophole!

But they got you on this one. Your patching wasn’t up to date. The passwords you used were not complex enough or as unique as required. And, they even uncovered one password that is still the default password.

To make matters worse, the firewall for your intrusion detection system was configured incorrectly. After all is said and done, the claim is denied because you didn’t follow everything that the fine print or exclusions required for the insurer to be liable to pay the claim.

So regardless of how hard you have worked to protect your business, you are out of luck. You have lost a few thousand dollars, a lot of time and effort and you have been paying for an insurance policy that is basically worthless. So before you invest in purchasing a cyber insurance policy, go over the fine print and make sure it will pay to have the coverage.


Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox, author of the SME Digital Security Framework and creator of the Rapid Restart Appliance. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.