Cybersecurity insurance is a contract that an individual or entity can purchase to help reduce the financial risks associated with doing business online. In exchange for a monthly or quarterly fee, the insurance policy transfers some of the risk to the insurer. Many companies purchase cybersecurity insurance policies to cover extra expenditures that could result from the physical destruction or theft of digital assets. Such expenditures typically include the cost of notifying customers that a security breach has incurred, as well as the cost of regulatory compliance fines.
To qualify for coverage, the individual or entity typically has to submit to a security audit by the insurance company or provide documentation with the assistance of an approved assessment tool, such as that offered by the Federal Financial Institutions Examination Council.
Many cybersecurity insurance policies only cover first-party losses to a company. Some policies, however, may also cover third-party liability losses. Depending upon the price of the policy, coverage may also include first and/or third-party liability for cyberextortion, costs associated with strengthening data security, damages due to corrupt or missing data, damages due to inoperable hardware or software and monetary loss from theft or lost business.
Because coverage is not often for the total amount of damages, many companies choose to buy additional insurance to cover amounts beyond which a cybersecurity policy covers.