I’ve been in the cybersecurity industry for pretty much my entire adult life; it’s the only career I’ve ever had. And yet one of my favourite cybersecurity solutions to recommend to organizations is not even a solution I can provide for them. I’m talking about cyber insurance.

I got turned on to the concept of cyber insurance back in 2012 when members of an organization reached out to me once they had realized they were the victims of a cyber breach. It turns out the cybercriminals that hacked into this company’s systems ran a sophisticated social engineering scam — combined with a few other clever cyber tricks — and managed to steal $2 million from their victims.

The organization in question is a transportation company that fits into the small to midsize business category. The leaders of this company felt that due to their small size and seemingly non-flashy products and services, they’d never be a target for hackers. Unfortunately for them, they found out the hard way that cybercriminals don’t care whether you have flashy products or services. Ultimately, they look for potential victims who do not take their cybersecurity seriously, which creates an easy target for stealing data or, in this case, a huge sum of money.

As we began to construct a breach response plan, we learned that the client had something called cyber insurance. Although much more common now, cyber insurance was not as widely used back in 2012. And it’s exactly what you’d think it would be — cyber insurance is like regular insurance, except it’s meant to insure your company against the threats brought on by the digital age.

In the cybersecurity world, we have a very true and perhaps overused saying: “It’s not a question of if but when.” If you’re in the know, you know a breach is coming, and we preach cybersecurity preparedness and the importance of having an effective incident response plan, but prior to cyber insurance becoming more ubiquitous, the cybersecurity industry never really had a good answer for financial recovery after taking a devastating loss from a cyber breach — and I’m not just talking about stolen money or ransomware payouts. It’s important to remember that related costs, such as breach coaches, forensic specialists, negotiators, and legal and public relations professionals, may be more expensive than the actual ransom demanded or money stolen. Not to mention the expenses associated with business interruption, regulatory costs and liability.

As a cybersecurity professional, I preach (as many others do) the importance of “prevention, detection and response.” When it comes to your response strategy, a phenomenal tool to have in your solution kit bag is cyber insurance, as it is the only answer for financial recovery from a breach.

If your organization does not have cyber insurance, I highly recommend you reach out to the organization currently providing business insurance to your company and start the conversation to see if you can find something that works for you. If your organization does have cyber insurance, that is an excellent step in the right direction. Just remember that you need to be sure you understand what your contract covers and, more importantly, what it doesn’t cover.

In the event of a breach, you want to make sure you have questions like this answered well beforehand, along with questions such as:

  • What PR firm will I reach out to for assistance to protect my brand?
  • What law firm specializes in breach response?
  • Who can help me with a forensics assessment?
  • Which organizations specifically does my cyber insurance cover me to work with?

And while this may go without saying, I do get asked this question: “If I have cyber insurance, do I still need cybersecurity?” In short, of course, you do! During a cyber breach, you’ll be very happy to know you have cyber insurance and that you are covered, but ideally, you want to have good cybersecurity in place to mitigate that risk as much as possible. Even if you have health insurance, you still want to look both ways before you cross the road.

The Importance Of Cyber Insurance

Danny Pehar


With more than 20 years of experience in the cybersecurity industry, Danny Pehar has become one of its foremost experts.

As a member of the Forbes Technology Council, Danny is also a monthly cybersecurity content contributor to the renowned business magazine. His media portfolio also includes regular television appearances that have built him an engaged broadcast audience and social media following.

As the architect of the Cybercrime Equation, Danny works closely with the Toronto Police Cyber task force as well as the FBI cyber task force. He also sits on the board of directors of InfoSecTO.

As a bestselling author and professional keynote speaker, Danny uses his own Executive Security Storytelling formula to successfully educate organizations on the ever-relevant world of cybersecurity. He has spoken to audiences and industries throughout North America and Europe.

Whether providing cybersecurity awareness training to CEOs of Fortune 500 companies, new employees or even elementary school students, Danny draws on his experience as a comedian and motivational speaker. Combining this background with his extensive cybersecurity knowledge and obsession, Danny promises to entertain, empower and educate for a truly awesome experience!
