Cyber Risk Retainers: Not Another Insurance Policy

The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk.

The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Building a comprehensive Incident Response (IR) game plan for a worst-case scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it must also address a business’s level of cyber risk.

A 2021 study by NetDiligence analyzed over 5,700 claims and found that the average claim cost for an organization with less than $2 billion in revenue was $354,000. Larger organizations incurred on average over $16 million in costs.

The cost issue is compounded when ransom payments are included in the calculation, which can significantly increase insurance claim payouts. Unsurprisingly, this trend has led many cyber liability insurance carriers, as well as law firms that specialize in data breaches, to encourage their clients to strengthen their cybersecurity controls and seek more formal relationships with digital forensics and incident response firms.

For most, an IR retainer will be a formal relationship to safeguard the organization if the worst were to happen. It

Read More: https://threatpost.com/cyber-risk-retainers-not-another-insurance-policy/179895/