Do I Need Hacker Insurance?

You get a call at 3 a.m. It’s Dave in the data center. You’ve been hacked.

Getting hacked comes in various forms. It can be a virus that spreads through your employees desktops/laptops. It can be a denial of service attack that tries to overwhelm your servers so your customers and employees can’t access them. It can be a security breach where a hacker gains unauthorized access to your company’s electronic files and steals or destroys information. And when these things happen, they can cost a pretty penny.

But are they going to cost you more than the hacker insurance?

If you’re considering hacker insurance, you have to consider how much damage a hacker can do and how much it will cost to fix or clean up. You also need to look at what the policy will cover. Since this is a new field, insurers and insurance buyers are still working out some of the fine points.

For example, if your business is dependent on e-commerce and your customers can’t access your web site because of a denial of service attack or a hacker has crashed your site, you can’t make sales. But what does the hacker insurance pay for? Does it pay the costs of the emergency staff, services, and equipment it takes to get you back up and running? Does it reimburse you for the lost sales? How does it calculate the value of the lost sales?

Another thing to think about is how much it’s going to cost you to keep the hacker insurance. Besides premiums, the insurer may require you to pay for regular security screeening by independent consultants who determine if your security is up to the insurer’s standards. Every time you make a change to any functional portion of your web site, even a search script, you may have to pay to have it audited by an independent security consultant to ensure it’s not creating a new vulnerability.

Some of the costs of a hacking incident may already be covered in one of the service contracts you have for maintaining some part of your infrastructure. You want to make sure you audit those agreements before buying a hacker/hacking policy, because money spent on overlapping coverage is money wasted.

Most importantly, if you don’t know enough to estimate the ways you could be hacked and estimate their costs, get someone who does to help you. If you just buy a policy out of the fear of being hacked, you could end up paying through the nose for coverage that’s far in excess of what you need. If you don’t know to the penny what getting hacked could cost you, you won’t be in a position to evaluate whether hacker insurance is a good business choice or a bad choice being made out of fear.

Comments are closed.