Increasing cyber threats, expensive security solutions, and lack of dedicated IT resources – these are some of the challenges facing small and medium-sized enterprises (SMEs). These businesses are the target of most cyber-attacks (75%). With this in mind, Boxx Insurance built its flagship product “Cyberboxx,” which caters to SMEs with under $20 million in revenue.
“There is no other product in the market that combines comprehensive insurance coverage with cybersecurity solutions like Cyberboxx – cyber risk score, firewall, threat intelligence, and access to cybersecurity expertise,” Boxx Insurance told insurr. “We’re able to offer an even more inclusive package that not only addresses the external risks but [also] the internal risks to cybersecurity — human behaviour.”
Last month, the company added another component to the package – the BOXX Academy – which offers cybersecurity training for employees. Built in partnership with Hiscox and its CyberClear Academy in the UK, the platform provides training on phishing, password safety, and more. It also allows employers to test their employees and see where they are in the training process.
Cyberboxx coverage starts at a limit of $500,000 but is, on average, set at $1 million.
“The majority of cyber insurance policies are endorsements to other policies (E&O) or only cover up to $100,000 in damages. However, when you do the calculations for the cost of a breach, it can be … $1 million or more to get networks back up and running, notify any customers, and/or pay regulatory and legal fees,” Boxx Insurance explained.
Overlooked cyber coverage options
The product also includes essential but often overlooked areas of coverage:
- Breach by suppliers: Covers against any loss that arises as a result of any breach caused by a supplier
- Offline Coverage: Covers the breach of electronic and non-electronic data that includes theft and loss (Businesses have access to insurance for a sophisticated hack, but also for leaving a paper file on a train or sending information by email to the wrong person.)
- Prior Acts: Many cyber insurance policies do not provide coverage for any acts that occurred prior to the effective date. Boxx Insurance’s Prior Years policy endorsement extends the coverage of insurable events to “prior to the policy inception date.” This ensures peace of mind that businesses have coverage irrespective of when the first incident or breach occurred.
Boxx Insurance also offers extensions of its typical coverage to cover losses due to social engineering, rogue employee acts, and cyber deception. However, what makes the product of value to smaller clients, according to the company, is the ability to reach out directly to their one team of cybersecurity experts and dedicated emergency response team, the Hackbusters.
“If you are a Cyberboxx member, you speak to a breach incident response expert to help contain the risk as quickly as possible before speaking to any insurer. Our team of Hackbusters™ will help you contain the situation and mobilize the relevant team specialists – including PR and legal experts. The Cyberboxx breach response team will help you document the facts surrounding the breach, its effects and remedial actions taken, as these may be required as part of any legal defense or regulatory notification to be submitted,” Boxx Insurance added.
How a risk profile explains exclusions
Meanwhile, the product’s exclusions happen mainly based on risk profile and for certain types of companies that have high risk – such as data aggregators, large financial institutions, and adult industries/gambling. Nevertheless, the company gives special considerations based on the following factors:
- Class of industry, client records, and location(s) declared
- Company specifics (headcount, subsidiaries, date of incorporation, etc.) declared
- The limit of liability selected
- Any optional extensions selected
- Past claims or incidents, known circumstance, and other history declared
- Current IT risk management and security controls the business has in place and declared
The average premium for a typical client “ranges depending on the revenue size and risk profile, but is an affordable minimum of $500 annually (and upwards). Our average sweet spot is $1,500 -$2,000 annually,” Boxx Insurance said.
Easily apply for Cyberboxx products
During application, it is important for brokers to provide the following information:
- Loss history
“We have built an online application that is easy to fill out and shorter than your average cyber insurance application (less than 2 pages of questions), so it will be hard for brokers to miss the relevant information. If they do, our online form is able to direct them to the areas they need to consider and answer any [technical] questions they may have,” Boxx Insurance explained.
Apart from Boxx Academy, the company is enhancing its existing Cyberboxx product through more competitive rates and wording.
“We have listened to brokers and the market and added enhanced coverage features, streamlined our application process,” Boxx Insurance said.