Cyber Liability insurance can be a complicated sell even in the face of mounting publicity in the wake of a massive cyber attacks. Small to medium size businesses or those in specific industries may not believe they’re at risk or they simply may not understand the coverage. That’s why a good starting point for all businesses is to go over the exposures and then really look at what costs or expenses they would like to have covered and what types of incidents they want to cover. During this process, be sure everyone is involved, including obtaining relevant information from third-party suppliers and partners to assess both first- and third-party costs.
Once this is established, it’s important to determine what type of policy is right for the business. Selecting the right policy for a business, business model, industry, size, exposures and so forth is complex, which is why a cyber insurance specialist is so important. Key to obtaining the right coverage is also understanding the support a business will receive as part of the coverage. Some policies, for example, provide a point of contact who will handle everything from the moment the insurance company has confirmed coverage for the claim, whereas others will let the insured manage the incident and decide which services the insured wants to use from their list of suppliers.
All Cyber insurance policies come with exclusions, terms and definitions. Understanding these is also critical and once again a professional specializing in cyber insurance can design a program that meets an insured’s needs and can explain what is and isn’t covered.
Moreover, following are some additional considerations when looking at Cyber insurance:
- What security controls can an insured put into place that will reduce the premium?
- Will an insured have to undertake a security risk review of some sort?
- What is expected of an insured to reduce or limit the risks?
- What assistance is provided to improve information governance and information security?
- What support if any will be provided to assist in making the right security decisions for the industry/business the insured is in?
- The security/protection industry is very fast changing, how can the insurance ensure that the policy is current?
- Do all portable media/computing devices need to be encrypted?
- What about unencrypted media in the care or control of third-party processors?
- Are malicious acts by employees covered?
- Are all and any court attendances to defend claims from others covered?
- Could an insured file claim if the business was not able to detect an intrusion until several months or years have elapsed?
Caitlin Morgan works with several carriers to offer comprehensive and industry-specific Cyber insurance programs. We can assist you in designing a program that will address your insured’s exposures. Give us a call at 877.226.1027.