In May, a piece of ransomware known as “WannaCry” paralyzed businesses, government entities and Great Britain's National Health Service in one of the largest global cyberattacks to date.

The following month, it was “Petya,” another massive cyberattack that crisscrossed the globe, bringing Russian oil companies, Ukrainian banks and a mass of multi-national corporations to their collective knees.

As the frequency of cyber attacks reaches epidemic proportions, cyber liability insurance has evolved in kind. Yet, many businesses still lack adequate protection.

Without the right cyber liability policy, one breach can put an otherwise stable company out of business. By taking the time to understand the threats, how to prepare, and what to look for in a cyber liability policy, you can ensure that your business has the coverage it needs to survive a breach.

The many faces of cyber crime

The problem is complex, with nation-state hackers, hacktivists, nuisance actors, and cyber criminals all attacking companies in different ways and for different reasons. Although attacks vary, the type that most cyber liability insurance policies are designed to cover is cyber crime. Criminal actors penetrate company networks and monetize their access to that network or the data they steal while there.

In some cases, the criminals access and sell company data, like payment card or W-2 information, on an underground criminal marketplace called “The Dark Web.” In others, like a ransomware attack, criminals encrypt proprietary data and demand an extortion payment, often in untraceable currency and often with only days or hours for a company to respond.

An emerging type of ransomware attack, dubbed “doxware,” also encrypts company data, but instead of threatening to delete it, criminals threaten to post sensitive files on the Internet for all to see. Like any business, these organized criminal enterprises are adapting their methods in a changing world.

Whether attackers demand a ransom payment or monetize a business' intellectual property, these costs are often just the beginning for a victim company.

Post-breach, companies have to engage a Digital Forensics and Incident Response (DFIR) company to understand the scope of the breach and get attackers off the network. Depending on the data that was stolen, such as W-2 data or client data, victims have to be notified by law and supplied with free credit monitoring services. More often than not, companies also have to engage outside legal counsel that specializes in data breaches, as well as a PR firm to mitigate reputational damage.

These direct, first-party costs typically run between $300,000 and $400,000. Worse yet, just when company leaders think the worst is over, they can get hit with a class-action lawsuit by breach victims or regulatory fines and fees, all of which insurance brokers dub third-party costs.

Even if the company has the financial means to cover the losses, the time it takes to track down all the required post-breach resources can take so much focus away from daily operations that it, like the attack itself, can bring business-as-usual to a standstill.

That's where cyber liability insurance comes in. It is not just a means of protecting against financial loss; it is also a conduit to services to restore companies.

The right policy not only relieves companies of the cost burdens resulting from an attack, but provides a direct link to outside services needed for resolution. The key is making sure you have the right coverage and the right carrier.


What to look for in a cyber liability insurance policy

As cyber crime has expanded its reach, the marketplace for cyber insurance has gotten much broader.

Several years ago, there were only a few dozen carriers writing cyber liability insurance. Today, there are about 130. However, because it is not a standardized market, there is a great deal of variance between policies in terms of coverage, price and after-event support.

For example, some carriers have a 24/7 breach response team in place. These carriers have already contracted with the forensic providers, credit monitoring companies, and specialized legal practices. So, if your business gets hit, you call the waiting breach response team to start the remediation process. However, this level of service varies greatly by carrier.

Pricing is equally varied due to a lack of actuarial data and rapidly evolving breaches. Unlike auto policies with predictable and comparable pricing between carriers, cyber liability quotes can vary by tens of thousands of dollars.

It's also critical to look beyond the overall coverage amount to each per-incident line item. Some carriers have sub-limits, capping individual line items at a specific dollar amount. So, a $3 million policy, for example, could have a $100,000 cap on notifications and credit monitoring. If you seek out carriers that provide full limits and understand your industry and exposures, you're not going to get caught with unexpected out-of-pocket costs.

Making sure your company is prepared

The reality is, there isn't a business or an industry that is immune from cyber crime. So, take the time to educate yourself on the topic. Understand your business assets and where you may be vulnerable to a breach. Talk to your insurance broker about the different carriers that write this class of insurance, what they offer, and their resources if a breach occurs.

The simple act of filling out a carrier's cyber insurance application will help you see security gaps in your organization. A page full of “no” and “I don't know” answers will help you pinpoint areas of weakness in your systems or processes.

Although most companies have disaster recovery plans in place, very few have a cyber incident response plan. Take the time to document a formalized process that details what to do if a breach occurs, including the internal team and outside resources involved, as well as contact information. Your insurance broker should be able to help in this process.

If a company is forced to react to a breach never having considered their plan, the remediation will undoubtedly be clumsy, take longer and be far more expensive. Countless organizations have been caught on their heels and never recovered at all.

None of us can prevent cyber attacks from occurring. But you can make sure that your company has assessed and hardened your infrastructure, considered your response and the protection you need to survive a breach and stay in business.

A little education, a solid plan, and the right cyber liability insurance can make all the difference.

Evan Taylor is a risk consultant at NFP. He can be reached via email: [email protected]
