Cybersecurity: Cost Implications & How to Handle the First 24 Hours

Cybersecurity: Cost Implications & How to Handle the First 24 Hours

May 28, 2021

Cybersecurity threats for government, business, and individuals have persisted since the beginning of the Internet. However, in the past year, cybersecurity breaches across the United States have skyrocketed.

In this article, we will cover:

The Costs & Implications of Recent Cyber Attacks

The FBI estimates that cyber hacks in 2020 increased by 300%. This year appears to be on trend with the same level of cybersecurity issues. According to Cybersecurity Ventures, cyber attacks in 2021 are projected to hit $6 trillion in annual loss (double since 2015!).

The average business cost of a cyberattack is estimated to be $3.86 million. It takes over 200 days to detect the breach according to IBM. Remember the Solar Winds attack?

The latest casualty in the cybersecurity infiltration was Colonial Pipeline. This attack nearly immobilized a large region of the United States and caused gas prices to soar.

Aside from the economic implications of such a cyber hack, Colonial Pipeline had to pay $5 million to the hackers to restore their systems. Experts insist that is a very low ransom for a company like Colonial Pipeline.

Cyber hacks are not solely a concern for the government, infrastructure, or big business. Small businesses, cities, and towns are impacted daily with such security risks. Small metropolitan cities, like Tulsa, Oklahoma, have had recent instances of cyberattacks that enable parts of their operations.

Houston-based businesses should heed the caution of a story such as Colonial Pipeline, Solar Winds, and even Tulsa, Oklahoma. Cybersecurity coverages are well worth the peace of mind knowing you have protection should you ever need it.

The Importance of a Standalone Cyber Insurance Policy 

In the past, many organizations have relied on standard property and liability coverage rather than a standalone cyber insurance policy to provide protection for cyber incidents. 

In fact, a recent survey from the Insurance Information Institute found that over half (59%) of organizations don’t possess dedicated cyber coverage

As digital threats continue to advance—contributing to a significant surge in both the cost and frequency of cyberattacks across industry lines—neglecting to purchase a standalone cyber insurance policy has become an increasingly high-risk practice. 

After all, organizations’ elevated cyber exposures have motivated the vast majority of traditional property and liability insurance carriers to revise their policy terms as it pertains to protection for such exposures. 

Many standard insurance carriers have begun implementing additional policy restrictions and more stringent coverage conditions related to cyber incidents in an effort to prevent unexpected (and costly) underwriting losses. Some carriers have even updated their policy wording to explicitly exclude coverage for cyber-related losses altogether.

That being said, a growing number of organizations that aren’t equipped with standalone cyber policies are encountering coverage gaps within their commercial insurance programs. In the event of a cyberattack, these organizations would either receive only partial reimbursement for the resulting losses from their traditional property and liability insurance, or no assistance whatsoever. 

Especially in the midst of soaring cyberattack intensity, such a lack of coverage could lead to lasting financial hardships, delayed recovery capabilities and severe reputational damages. 

With this in mind, it’s crucial for your organization to ensure a clear understanding of the extent of coverage that your standard property and liability insurance provides for cyber-related losses. 

If this coverage is insufficient for the degree of cyber exposures that your organization is facing, securing a standalone cyber policy might be necessary to maintain adequate protection.

Remember that every organization’s cyber risks are different. Be sure to consult a trusted and experienced insurance professional to determine your organization’s unique cyber exposures and subsequent coverage needs. 

For further guidance and insurance solutions, call us at 713-869-6991

How to Handle the First 24 Hours After a Cyberattack

When a cyberattack occurs, how your organization responds can make all the difference in mitigating the damages. Time is of the essence. That’s why it’s vital for your organization to have an effective cyber incident response plan in place that specifically addresses key actions to implement within the first 24 hours following an attack.  

During these initial hours, your organization’s response can help foster business continuity, protect stakeholders, limit legal repercussions and ultimately put a stop to the incident as fast as possible. What’s more, taking steps to quickly contain the attack can provide significant financial benefits. 

According to a recent report from the Ponemon Institute, organizations that were able to resolve a cyberattack in less than 30 days saved over $1 million in resulting costs when compared to organizations that took more than 30 days to do so. 

In order to minimize the lasting damages that can often accompany a cyberattack, here’s an overview of important tasks to complete during the first 24 hours after an attack is discovered at your organization:

  • Start documenting the incident. As soon as you find out that a cyberattack is taking place, begin documenting what you know. This should include when and how the attack was discovered, the technology or data impacted by the attack and any other supporting evidence regarding the event. Keep updating this documentation as you learn more about the incident. 
  • Alert important personnel. Be sure to gather the members of your organization’s cyber incident response team and alert them of the attack. This may include IT leaders, crisis communication experts and legal advisors. These individuals should then begin carrying out their designated roles and responsibilities as outlined in the cyber incident response plan. Inform additional employees about the attack on a need-to-know basis.
  • Secure all workplace technology. Do what you can to secure all organizational servers and devices, as well as stop further data loss or destruction. Take any impacted technology offline, but don’t turn it off, as it could offer important evidence during the attack investigation. Launch any backup systems or data required to perform key operations and ensure business continuity (if applicable).
  • Seek further assistance. Consult your organization’s forensic team and—depending on the severity of the incident—local law enforcement to start conducting an in-depth investigation of the attack and help identify the perpetrators. Reach out to your insurance company to kickstart the claim process and receive further assistance.
  • Inform the appropriate parties. Based on guidance provided by your crisis communication experts and legal advisors, develop a plan for effectively sharing the key details of the attack with organizational stakeholders, shareholders and government agencies (if necessary).

This is not intended as sole advice. For specific recommendations about your business and cyber insurance coverage, contact a properly licensed insurance advisor for full terms of coverage. For additional loss control resources and information on cyber liability insurance, contact our team today.


Personal Lines Insurance 

(home, auto, boat, motorcycle, umbrella coverage, and more)

Commercial Insurance 

(business liability, cyber, E&O, property, worker's comp, and more)

Group Benefits 

(health, life, dental, vision, and more)

Related Links