Cyber liability insurance is one of the most important tools for managing risk in today’s complex business environment. The cyber threat landscape is continuously evolving, as cyber criminals are relentless innovators, employing theft and ransomware schemes that target company data and business operations.
Many cybersecurity and technology experts warn that the risk of a business cyber breach is “not a case of if, but when.”
A cyber attack can cause business interruptions, endanger business data and client confidentiality, ruin brands and business reputations, and cause widespread financial losses, and companies of all sizes can be targets.
Company leaders should proactively invest in cybersecurity technology, products, and solutions to increase their cyber defenses and resiliency. Organizations must also build a culture of security in the workforce, since the “human firewall” is one of the most important layers in a company’s defenses.
Cyber insurance coverage is one key tool to help companies manage the interruptions, costs, and financial losses that often occur as a result of a cyber attack.
In this article, we will explore the seven most important considerations that should be on every business’s cyber insurance coverage checklist, and what to look for in cyber insurance coverage.
What Should Be on Your Cyber Insurance Coverage Checklist
1. Understand Your Needs
The cyber liability insurance needs of businesses will vary greatly depending on the size, industry, and unique operations of the insured.
Larger companies will have more employees, customers, and physical operations. They will face greater financial losses if there is something like a ransomware attack, which may bring business operations to a complete halt.
Naturally, the policy premiums and coverage levels will be higher for larger companies.
By the same token, companies in certain industries will have unique challenges that can increase the cost of coverage.
Industries such as medical, financial, and legal have large amounts of private information about customers or clients, such as personal health information (PHI) or personally identifiable information (PII).
Some companies have many credit card numbers on file and will therefore be subject to additional risk.
At the end of the day, organizations should procure cyber liability insurance based on their needs or business strategy.
Some organizations must comply with industry regulations or laws which mandate cyber liability insurance. Other companies simply see cyber liability insurance as a good business practice and part of an overall risk management program.
2. Understand the Risks
Cyber insurance policy coverage helps you protect your company and cover the costs of recovering from a cyber incident. Cyber risks are created by several different kinds of incidents.
Hacking involves cyber criminals breaking into software systems or infrastructure to steal data or intellectual property, conduct corporate espionage, or compromise systems, such as corporate email systems.
Ransomware attacks involve the encryption of workstations, servers, or storage, rendering the data unusable and impairing company operations.
Phishing tactics are social engineering attacks designed to steal credentials and passwords, often with the goal of further breaches or ransomware attacks.
Finally, employee negligence can lead to lost or stolen laptops, data loss, leaks of private client information, and so on.
3. Consider Your Budget
Cyber liability insurance is surprisingly affordable, yet the cost has consistently increased over the past few years.
There is a lot of variety in terms of cyber insurance coverage limits, policy limits, exclusions, and premium pricing. A recent survey showed that most policies price in a range from $1,000 to $2,000 per year.
The cost of a policy will vary based on the amount of coverage, the size and complexity of the company, the deductible amount, and any other unique attributes of the insured.
As noted elsewhere, the amount of private or sensitive information a business handles will often determine the level of risk and hence the cost of insuring it.
4. Know What Cyber Insurance Covers
When shopping for cyber liability insurance, it is vital to know what to look for in cyber insurance coverage. Every policy will be unique, but most will cover claims related to data loss or theft, cyber extortion or ransom requests, or denial-of-service attacks.
The insurance will cover a range of different costs, including:
- First-party coverage: This type of insurance coverage will cover the costs of incident response, forensics, data and business recovery, along with expenses such as legal or PR advice, notification of customers, or the provision of credit monitoring services.
- Third-party coverage: This coverage involves claims by third parties such as customers or business partners that may be impacted by the cyber incident.
- Cyber extortion: This type of coverage covers the costs of ransom negotiations or ransom payments. Be aware that many policies now include sublimits that cap the losses related to ransom payments.
- Business interruption: This coverage covers the loss of revenue when business operations are halted or impaired over a significant period of time.
5. Know What’s Not Covered
There are many circumstances that won’t be covered by cyber liability coverage. These include losses resulting from riots, wars, terrorism, or civil unrest.
Failure to maintain adequate or reasonable cybersecurity measures can also lead to a denial of coverage. In some cases, a prior act or data breach that occurred before the coverage took effect will also be grounds for a denial of coverage.
6. Perform a Cybersecurity Risk Assessment
The best way to manage cyber risk is to have a cybersecurity risk assessment performed annually. Managed service providers (MSPs) are experts at performing cyber risk assessments for business clients and at doing the required remediation and upgrade work after an assessment.
Cybersecurity risk assessments can come in a variety of shapes and sizes. Larger companies or businesses in highly regulated industries will have higher standards and controls to meet, and the assessment process will be more thorough and time-consuming.
But no matter the company size or sophistication, a cybersecurity risk assessment is a must for both improving risk management and becoming eligible for cyber insurance coverage.
When done properly, a cybersecurity risk assessment will help determine the biggest risks and their potential impacts and inform the roadmap or plan of action and milestones (POAM).
The POAM covers upgrading the cybersecurity defenses, policies, and procedures of an organization.
Regular cyber risk assessments also help organizations methodically improve and mature over time, while ensuring their network security practices are up to date with the evolving threat landscape.
Businesses that regularly perform cybersecurity risk assessments are more mature and usually able to easily meet the cyber and network security coverage requirements spelled out by insurance carriers.
7. Research, Shop, and Select Coverage
Once an organization understands its risks, needs, and readiness, the process for shopping for cyber liability insurance is pretty straightforward.
Companies should have a selection committee to supervise the process, with leaders from IT, legal, HR, risk management, and executive staff. Where appropriate, outside advisors such as an MSP or outside legal counsel should review the policy before execution.
Like most types of liability coverage, the devil is in the details. It’s important to remember that obtaining and implementing an insurance policy is not just a “set it and forget it” exercise.
Most insurance carriers are being very proactive with giving their clients access to extra resources, insight, and legal advice throughout the policy term. Staying one step ahead of cyber criminals to reduce cyber risk is a team sport.
Companies should also view their relationship with their insurance provider and broker as ongoing business partnerships.
Protect Your Business by Developing Your Own Cyber Insurance Coverage Checklist
Now that you understand what should be on a cyber insurance coverage checklist and what to look for in cyber insurance, it’s time to find cyber insurance policy coverage for your business.
At NENS, we help our clients prepare for and procure cyber liability insurance coverage on a regular basis. Through our expert advice and guidance, you’ll get the information you need to help you make an informed decision.
Cyber liability insurance is one layer in the risk management process, as it complements the other cybersecurity technologies, tools, and services we deploy and manage for our clients.
We look forward to exploring your company’s risk management needs. For more information on how we can advise you on cyber insurance coverage and policy selection, contact us today to schedule a consultation.