If you purchase a car with good safety features, you hope you never need to use them. In an ideal world, you’d be 100% safe on the road, and those safety features would sit unused for years until you bought a new car.

Cybersecurity insurance is a bit like that. It’s something you hope you never need to take advantage of, but it might be helpful in the event of an emergency.

The difference between a car’s safety features and cybersecurity insurance, though, is that, while safety features might help you walk away from a crash without a scratch, no company walks away from a breach without feeling its effects.

While cybersecurity insurance can’t help stop a breach, it might help you offset the cost of cleaning up the mess after a breach occurs. The problem is that cybersecurity insurance is not cheap.

But, here’s the good news: How much cybersecurity insurance costs your organization depends, in large part, on the quality of your company’s cybersecurity program. Much like your organization, insurance companies must assess the risk involved in taking you on as a customer.

Customers who pose more of a risk—i.e. “who are more likely to experience a breach” (read: don’t have a comprehensive cybersecurity program)—will likely pay more for insurance.

Conversely, companies who pose less of a risk—i.e. “who are less likely to experience a breach” (read: DO have a comprehensive cybersecurity program)—will likely pay less for insurance.

In short—cybersecurity insurance isn’t a bad idea, but it’s unlikely to help you solve any problems. Rather, it will help you offset the cost of solving problems after they’ve already happened. You can protect yourself—and get a better rate—by implementing a comprehensive cyber security program.

Here are a couple of conversation starters for Boards:

  • How has management determined the amount of cybersecurity insurance the company needs?
  • What level of cybersecurity insurance does management require for critical vendors?

No matter where your organization is at in its cybersecurity journey, LBMC Information Security can help. Contact us today to learn more.

This blog is the eighth in a series titled, “Cybersecurity in the Boardroom.” The purpose of this series is to shift boardroom conversations and considerations about cybersecurity so board members, company management, and information security personnel can work together to implement a more effective cybersecurity program.