The legal consequences of cyberattacks, such as class-action lawsuits on behalf of victim third-parties, are a growing worry of business owners, and businesses without cyber insurance are vulnerable to cybercrime and any consequential litigation, according to Solace Insurance.

Of 258 executives polled in a recent study by market research firm Penn Schoen Berland, three-quarters say that legal compliance issues are making their organizations think more about cyber risks, according to a press release. While the majority (85 percent) named cyberattacks as their greatest risk, less than 20 percent of companies purchase cyber insurance to protect themselves against this increasingly common cause of loss.

Cyber insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage and cyber extortion. The Department of Commerce has called cyber insurance an “effective, market-driven way of increasing  cybersecurity” because it may help reduce the number of successful cyberattacks by promoting widespread adoption of preventative measures; encouraging the implementation of best practices by basing premiums on the insured’s level of self-protection; and limiting the losses that companies could face following a cyber attack.

According to the release and Solace Insurance, businesses can follow three basic steps to mitigate the risk of data breaches and related litigation:

1. Understand what coverage is available under any existing policies. General policies may provide some protection from cyberattacks, and understanding the current coverage enables business leaders to purchase the correct types of cyber insurance to ensure there are no coverage gaps.
2. Anticipate any potential costs of a data breach – enterprises should obtain coverage equal to its risk in the event of a breach.
3. Be aware of any exclusions – beware of policies containing poorly-worded, unnecessary or improper exclusion. Attempt to negotiate with the insurer, or seek a quote from a different agency.