Before you purchase cyber insurance – read this!

As cyberattacks become more sophisticated and damaging, organizations are searching for cyber insurance that could cover the potential risks. And this has brought significant challenges for insurers as predicting the future of cyber risks is never easy.

Moreover, the lack of historical data, the market uncertainties, and the legal battles over fundamental issues continue to add up to these difficulties. Thus, it is also important to match your expectations with reality before purchasing cyber insurance for your organization.

What is cybersecurity insurance?

Also referred to as cyber liability insurance, it’s an insurance policy that protects a business against financial risks and legal liabilities stemming from data breaches and cybersecurity issues.

With the internet security liability policy, some of the risks are transferred to the insurer in exchange for a monthly or quarterly fee.

Critical considerations when purchasing cyber insurance:

1. Coverage Selection: With the various types of policies, organizations should discuss first with the insurance team to ensure appropriate coverage depending on the business needs and risk appetite.
2. Policy Qualifications: Make sure that claim processors understand cybersecurity. Ignorance might lead to a denial of claims for items that the insured believed to be covered.
3. Policy Complexity: With lots of exclusions existing in drafting cyber insurance, organizations should be knowledgeable in identifying potential cyber losses and determine if the insurer would pay claims in that case.
4. Pre-Insurance Survey: Organizations should be careful in filling out forms that define the coverage that they prefer as insurers could deny a claim if it’s not matched in the pre-insurance survey.

Here are some of the situations when you can expect coverage:

• Disrupted business operations due to malware infection
• Network shutdown due to data breach or Distributed Denial of Service (DDOS)
• The device locked up due to ransomware
• Extortion demands
• Business email compromise
• Losses due to social engineering fraud
• Liabilities associated with the payment card industry (PCI) Fines & Penalties and other contractual obligations
• Legal expenses, fines, and penalties
• Settlement fee for class action lawsuits
• Lost business profits and accrued expenses during a cyber incident
• Lost business profits due to reputational damage following a publicized cyber attack

Some policies include a combination of the above coverage elements. But beyond the basic agreement, numerous coverage additions could be applicable for new buyers and unexpected situations. However, any enhancement is not always available unless the clients know what to ask for. Most of the time, add-on coverage is sub limited to an amount less than the policy limit.

Interested in learning more? Join our webinar: Cyber Insurance and Cyber Incident Response: Preventing Catastrophic Consequences and Damages