Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cyber Tactics ColumnCybersecurity News

Adjust Your Cyber Insurance Expectations

By Steven Chabinsky
Cyber Tactics Chabinsky Default
June 1, 2015

Your company may think it has adequate insurance coverage for a network breach, but there’s a good chance that it does not. According to the findings of a recent UK government report, over half of the companies surveyed thought they had the right coverage in place, while only 10 percent actually did. Another sizable group of those surveyed responded that they had no idea which of the many cyber risks facing their company even could be insured.

 

Going for Broker

The cyber insurance market is relatively young, and it is constantly evolving. By some estimates, there are more than 50 insurance companies underwriting this risk, and the market is growing. Importantly, these insurers differ in the coverage they offer and change their products over time. To make sense of it all, companies should consider working with an insurance broker that has a strong cybersecurity practice. These brokers do the legwork for you. They are able to understand your company-specific needs, review your existing policies, determine your gaps in coverage, explore what coverage is available across the industry, and find competitive pricing (including for small and medium sized businesses).

 

What’s For Sale?

Regardless of how much you are willing to spend, it turns out that some losses are currently uninsurable in the general marketplace. You will be out of luck, for example, if you try to purchase insurance to cover the value of your company’s stolen intellectual property. On the other hand, the market is increasingly robust when it comes to covering expenses associated with notifying customers of a data privacy breach; the costs of replacing, recreating, repairing or restoring data, software or computer systems that are lost or damaged as the result of a breach; expenses associated with business interruption, as well as the reputational harm from a network outage or security incident; identity theft losses; responding to cyber threats and extortion; defending against claims if your company inadvertently transmits malware to third parties; class action defense costs; regulatory action costs; and crisis management expenses.

 

Caveat Caveats

Beware of coverage exclusions and understand your policy requirements. Otherwise, the insurance you think you have may not be available when you need it. Exclusions are common if, for example, prior to obtaining the policy, your company knew or should reasonably have known that its network already was infiltrated by the hacker (or malware) giving rise to the claim.  A number of policies will not provide coverage if the insured fails to take reasonable steps to keep its software patched and updated. Some policies cover physical damage (think about cyber attacks against control systems); others expressly exclude it. Many policies exclude coverage for data breach losses that occur when your data is on a third party vendor’s network. Some policies expressly include, while others expressly exclude, coverage for claims that are brought by governmental entities.

As for policy requirements, perhaps most important among these is knowing the steps your company must (or must not) take in the event of a claim or loss. Without insurer approval, admitting liability is almost always a no-no, as is settling a case or promising to make payments. In fact, oftentimes you cannot incur any costs or expenses that you intend to claim without the insurance carrier’s written agreement. Is your CEO about to announce free credit monitoring at this morning’s press conference? Beware.

 

Promises Promises

Purchasing insurance requires that your company make certain representations and warranties. Your cybersecurity and risk management team should be involved in this part of the process. Since all insurance policies are issued in reliance on the truth and accuracy of a company’s application and accompanying materials, all bets could be off in the face of an insured’s material misrepresentations or omissions.  Your company may be asked about the controls it has in place to prevent, detect and contain cybersecurity incidents, and to attest to the fact that it actually implemented all of those security policies. Perhaps your company will warrant that, during the term of the coverage, it will use encryption and two-factor authentication. Regardless, it is important for your company to properly inform its promisors and to continuously track its promises.

 

Conclusion

If your company has not recently analyzed and assessed its cyber insurance coverage, the odds are that your company either thinks it has coverage in place that it does not, or that it thinks that it cannot obtain coverage that it can. With the help of outside experts, especially insurance brokers, it is easy to determine and address your cyber insurance needs.  With the help of inside experts, it is important to ensure compliance with your cyber insurance representations and warranties. 

KEYWORDS: cyber security insurance data breach data breach costs

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Chabinsky 2016 200px

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cyber Tactics Chabinsky Default

    Adjust Your Priorities for Risk-Centric Asset Management

    See More
  • Cyber Insurance: What Are You Missing?

    Cyber Insurance: What Are You Missing?

    See More
  • Cyber Tactics Chabinsky Default

    Having Your Say in Cyber Response

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing