Cybersecurity Insurance
Cybersecurity insurance is a hot topic for many entrepreneurs today, but it is still hard to obtain as a safety net for when your organisation is being attacked. Let's discover together what kind of options exist.
What is cybersecurity insurance?
Cybersecurity insurance is increasingly necessary in today’s digital landscape. Cyber criminals use different techniques to steal personal data and gain access to your company assets, and ultimately to execute a ransom attack that can destroy your organisation.
Belgian banks therefore now offer cybersecurity insurance to help you survive a ransom attack or other types of cyber damage.
Cybersecurity insurance can cover:
- Reimbursement of costs for recovering your network resources
- Support during a cyber attack
- Preventive measures such as:
  - Network scan
  - GDPR check
  - Communication check within your incident response plan
- Compensation of business losses
- Loss of money in case of ransom attack
- Assistance in the event of a cyber attack or data breach
- Damage you cause to others
Unfortunately, cybersecurity insurance is not easy to get. In return, the banks ask for a number of cybersecurity requirements to be in place before you can benefit from such insurance.
Cybersecurity requirements for insurance
Before you can sign a cybersecurity insurance policy at your bank, the bank often asks for different cybersecurity requirements to be in place.
Let’s discover which requirements need to be met:
Compliance with the NIS2 Directive
Your organization must comply with the NIS2 (Network and Information Security 2) Directive, which is a significant legal framework in Belgium aimed at enhancing cybersecurity. This includes adopting risk management measures tailored to your company’s size, exposure to cyber risks, and the severity of potential incidents. Key measures include technical, operational, and organizational actions to manage and mitigate cybersecurity risks (Centre for Cybersecurity Belgium).
Implementation of Cybersecurity frameworks
It’s essential to align with recognized cybersecurity frameworks, such as the CyFun® framework developed by the Centre for Cybersecurity Belgium (CCB). This framework helps organizations implement state-of-the-art cybersecurity measures to reduce the risk of cyber incidents (Centre for Cybersecurity Belgium).
Audits and Security Assessments
Regular internal and external audits are often required to ensure compliance with cybersecurity standards. For example, the NIS2 law mandates periodic audits, and insurers might also require evidence of these assessments as part of the insurance application process (ICLG IBR).
Robust Incident Response and Reporting Mechanisms
Your company should have a solid incident response plan, including the ability to quickly report and respond to cyber incidents. Insurers typically expect that companies have these systems in place to minimize the impact of any potential cyber-attack (Howden Group).
Cyber Hygiene and Risk Controls
Strengthening your cyber hygiene is crucial. This includes having up-to-date firewalls, regular patching, employee training programs, and more. Insurers look favorably on companies that demonstrate a proactive approach to cybersecurity (Howden Group).
What is the cost for a cybersecurity insurance policy?
The cost of cybersecurity insurance is influenced by different factors, and there is no fixed price list for what such insurance costs per user. Based on the information we found in the annual report of the Centre for Cybersecurity Belgium and Howden’s 2024 cyber insurance report, we can provide a rough estimate below.
- Basic Cyber Insurance Policies: For smaller companies or those with lower risk profiles, the cost can range from €50 to €150 per user per year. This type of insurance typically covers basic incidents like data breaches, ransomware attacks, and some business interruption coverage.
- Comprehensive Coverage: For larger companies or those with a higher risk of cyber attacks, such as those in finance or healthcare, the cost can increase to €200 to €400 per user per year. This higher cost reflects the need for broader coverage, including higher policy limits, coverage for regulatory fines, and more extensive business interruption coverage.
- Customized and High-Risk Policies: For companies with very high risks or those requiring specialized coverage (e.g., coverage for cyber extortion or state-sponsored attacks), costs can exceed €500 per user per year. These policies are often customized and include extensive risk management services provided by the insurer.
What is the best insurance?
Prevention
The best cybersecurity insurance a company can have is to put in place cybersecurity measures that prevent the loss of data, money, resources, reputation, etc.
Easily said, but is it that easy?
Having cybersecurity measures in place that are resilient against cyberattacks crafted with the latest tools is not an easy task and does indeed cost money. Depending on the size of your organisation, the yearly cost of one or several full-time cybersecurity engineers can be replaced by hardware and software with managed services.
Prevention tools
Everything starts with identifying all the assets of your organization. You can’t protect what you don’t see. Kappa Data already has many tools that identify assets like users, systems, applications, IoT and OT assets in an easy and cost-effective manner.
Once you know your assets, you can start to protect them.
Protection tools
Once you have identified your assets, you can start to protect them by building your safeguards.
Identity management
Many tools exist for managing access for your users, systems and applications. With identity management tools you can determine which users can access what kind of data from which kind of locations.
Multi-factor Authentication (MFA)
With MFA, it is more difficult for hackers to access your network. Today we already see new solutions appearing that allow you to authenticate and access the network without remembering a list of passwords.
Network Access Control
Network Access Control (NAC) allows you to protect your network from unauthorized access to your environment. A NAC solution gives you complete control over who gets access to what, and does not need an excessive budget to put in place. Kappa Data will shortly launch the UZTNA solution, which combines NAC functionality with Zero Trust Network Access capabilities.
Zero Trust Network Access (ZTNA)
Zero Trust Network Access helps you to control access to your business applications and today replaces Virtual Private Network (VPN) access. ZTNA manages access to a defined list of applications, whereas a VPN manages access to the whole network.
Firewall Protection
Firewalls are a requirement for securing access to the Internet and from the Internet to your network. Firewalls today perform much better and are becoming cheaper. Kappa Data offers a range of firewalls for every type and size of organisation.
Endpoint Protection
Endpoint protection for computers and servers nowadays needs to be more advanced in order to identify any type of malware with the use of AI engines. Kappa Data is proud to have the most highly rated endpoint protection in the market. This type of endpoint protection uses synchronized security as an automatic detection and response tool to stop threats.
Wireless Protection
Wi-Fi networks can be a target for hackers to gain access to your users' devices and later infect your network. Wireless protection is therefore worth looking at to close the wireless gaps.
Detection and response
Detection of and response to cyber incidents is a requirement in an incident response plan. For companies that don’t have cybersecurity engineers, this can be a major issue to resolve.
Under the NIS2 Directive, organisations with a turnover of 10 million euros or more need to implement a system that is able to detect and respond to cyber incidents 24/7.
If you don’t have a security team on standby 24/7, you could consider the Managed Detection and Response service that Kappa Data offers.
User Awareness cybersecurity
User awareness of cybersecurity is a must today and is also recommended by the NIS2 Directive for employees. NIS2 calls on management teams to organize training for their employees on a regular basis.
Kappa Data regularly gives classroom-based user awareness training. In these sessions we take the time to explain the different techniques and threats that exist and how to recognize malicious mails or actions.
What are the steps before considering a cybersecurity insurance?
Before you go to your bank or insurer, make sure you have handled the different prevention and protection measures. Kappa Data can help you with these different tools.
Contact us to learn more about the managed services for detection of and response to cyber incidents. We can assure you that these types of services will help you to protect and ensure the business continuity that is required.
Frequently asked questions
Check our FAQ section, where you can find the questions we have been asked most often in recent months when discussing cybersecurity insurance.
Can cyber insurance cover losses due to human error?
Yes, many cyber insurance policies cover losses resulting from human error, such as accidental data breaches or misconfigurations that lead to security vulnerabilities. This is particularly important since human error remains a common cause of cyber incidents (ICLG IBR).
How does cyber insurance support compliance with regulations like GDPR?
Cyber insurance often includes coverage for legal and regulatory fines associated with data breaches under GDPR. It also supports companies in meeting GDPR requirements by funding risk assessments, security improvements, and incident response activities (ICLG IBR).
How much does comprehensive cyber insurance cost per user?
Comprehensive cyber insurance for larger or higher-risk companies in Belgium can cost between €200 and €400 per user per year. This cost reflects the broader coverage and higher policy limits necessary for more significant risks (Howden Group).
What are the key factors influencing the cost of cyber insurance per user?
The cost is influenced by factors such as the size of the company, industry risk level, existing cybersecurity measures, the scope of coverage (e.g., basic vs. comprehensive), and past incident history. High-risk industries or companies requiring extensive coverage will pay more per user (Howden Group).
What are the main types of cyber incidents covered by cyber insurance?
The main types of incidents covered include data confidentiality breaches, ransomware attacks, business interruption due to cyber incidents, network security failures, and sometimes even state-sponsored cyber attacks (ICLG IBR).
What are the requirements for obtaining cyber insurance in Belgium?
To obtain cyber insurance, Belgian companies typically need to comply with the NIS2 Directive, implement recognized cybersecurity frameworks (like CyFun®), conduct regular security audits, and have robust incident response plans in place (Centre for Cybersecurity Belgium, ICLG IBR).
What does a basic cyber insurance policy typically cover?
A basic cyber insurance policy usually covers data breaches, legal costs, customer notification, credit monitoring services, ransomware payments, and business interruption caused by cyber incidents. It may also include some regulatory fines (Howden Group).
What is cyber insurance?
Cyber insurance is a specialized policy designed to protect businesses from the financial risks associated with cyber incidents, such as data breaches, ransomware attacks, and other forms of cybercrime. It covers costs related to data recovery, legal fees, regulatory fines, and business interruption (Howden Group).
What is the role of regular audits in cyber insurance?
Regular audits, both internal and external, are critical for maintaining compliance with cybersecurity standards and are often required by insurers to validate that the insured company has adequate protections in place. These audits help in assessing vulnerabilities and ensuring that security measures are effective (ICLG IBR).
Why does a Belgian company need cyber insurance?
Belgian companies, especially those with significant turnover, are increasingly targeted by cybercriminals. Cyber insurance provides financial protection and risk management support, helping companies recover from incidents and mitigate the impact on their operations. Compliance with frameworks like NIS2 also makes it essential for certain companies (Centre for Cybersecurity Belgium).