As companies come to terms with cybersecurity risks, they’re faced with questions of how to address them—and how much it’s all going to cost.
One potential expense is cyberinsurance, which covers calamities that general policies typically don’t, said J. Wylie Donald, a Wilmington, Delaware-based partner of McCarter & English in the cybersecurity and data privacy group.
“Property insurance—if my building’s going to burn down, that’s easy,” he said. “Cyberinsurance—that’s not a given … but you can’t operate your business if your computers are [down].”
Donald, citing information obtained from a broker, said an annual premium typically ranges from $10,000 to $25,000 per $1 million in coverage, though rates for retail corporations would be higher.
He said at least 50 carriers offer cyberinsurance as an independent or add-on policy.
The “uptake” of cyberpolicies is increasing as hacks of major corporations proliferate in the news, but “small companies ought to be more concerned” because of their limited resources, Donald said.
“The bad guys would love to hack you, because you’re not JPMorgan,” he added.
“When you look at risk … you either accept it, you transfer it, you mitigate it, or you destroy it,” Donald said. “Insurance is just another tool for dealing with the risks that are out there,” but “you can’t deal with all the risks through insurance.”