Website Insurance: What are the Options?

Wednesday, December 23, 2015

After developing the perfect website for your business, the last thing you want to happen is for your website to crash, and for customer data to get stolen by a random third party. Therein lies the question: Is there a product that can (1) protect my website before such attacks happen and (2) a product that compensates me for my business loss if an attack truly occurs?

1. SSL Certificate – Protecting Website Before an Attack Occurs

Prevention is always better than cure, and this cannot be reiterated enough. It is a common sight to see websites with https and a green secure padlock, but what does it do to protect a website? Behind the iconic display of security, an SSL (Secure Socket Layer) certificate is installed in the web server for the purpose of encrypting data transmitted through websites. This means that when sensitive data such as username, password and credit card details are submitted online, this information cannot be seen or eavesdrop by a malicious third-party. SSL certificates thereby prevent your site from a data breach with encryption and indirectly saving you from a bad reputation and brand damage.

Secondly, an SSL certificate authenticates the owner behind the site; whether you have control over the domain and a foothold in the business. Getting a well-authenticated security product is important, as with organisation validated (OV) and extended validated (EV) SSL certificates. A trusted third party, by what the security industry calls a Certificate Authority (CA) will vet through a website owner’s background, making sure a business is directly linked with the website. This makes it hard for cyber attackers to replicate your site for phishing, as CAs look to protect your website.

ev certificate

EV SSL certificates provide the best form of authentication by displaying your company name and locality of the business with a green bar on the background and is the industry standard to showcase a trusted website. An EV certificate requires you as a site owner to undergo strict and rigorous checks by CAs, to make sure your site is legitimate. This is very much like a website going through audits by a third-party, such as an auditor going through financial checks of a company.

2. Cyber Insurance – Compensation After an Attack Occurs

With a high incidence of cyber attacks in recent years (2013-2015) and higher demand for online security protection, several insurance companies such as AXA have come up with cyber insurance to compensate you for your loss, covering personal, corporate and data security liabilities. This policy plan can be mirrored with healthcare insurance policies, whereby a yearly premium is collected by insurance firms and payout happens only when something dreadful happens. In the case of a cyber attack, relevant documentations must be shown and proven, and compensation can reach up to $10 million, depending on the industry you are in.

SSL Certificate vs. Cyber Insurance, which is better?

Each product serves its purpose when its comes to site protection, and in some measures, it will be best to adopt the use of both an SSL certificate and a cyber insurance plan. Having said that, the cost to purchase a cyber insurance does not come cheap – yearly premium costs between $859 to $120,000, and prices are quoted depending on business nature type and scale of the business. In lieu of this, SSL certificates may be an economical choice for websites, particularly newly set up sites with little cash on hand.

An EV SSL certificate from DigiCert, for instance, cost $389/year, and comes with a compensation warranty of up to $1 million dollars should a data breach occur, due to the fault of the digital certificate.

Cyber Secure Asia is an official partner for DigiCert in Asia, providing DigiCert high-assurance certificates at affordable pricing, with local support from Singapore and can be reached for SSL certificate sales enquiries and assistance.

ashleeAbout Ashlee Ang

Ashlee is a content writer at Cyber Secure Asia where she writes about introductory topics on cyber security and cyber-related happenings in Singapore & South East Asia.

Share :    


Back to Blog