How to Shop for a Cyber Insurance Policy

April 6, 2017

Running a business is full of challenges. Customers can delay payment for services rendered, equipment can break down at the worst possible moment, and entire product lines can be recalled. Thankfully, business insurance exists to help companies when they run into obstacles that affect their bottom line. By protecting company assets, staff and mitigating risk of lawsuits, business insurance is truly an invaluable resource for organizations of all sizes and industries.

Equally important – especially in today’s digital world – is cyber insurance. Malicious hackers are more skilled and resourceful than ever before, and they’re constantly targeting businesses with lax cybersecurity, as they’re easy to breach and usually rife with data that can be ransomed or sold on the black market. Any company that uses mobile technology, engages with external partners or vendors, accepts credit cards or other forms of online payment, or stores confidential customer, partner or other digital information should consider themselves vulnerable to a cybersecurity attack.

Just like business insurance, cyber insurance exists to provide essential financial padding when things go wrong. However selecting an appropriate cyber insurance policy can seem like a complex task. For instance, there are crucial differences between first-party and third-party cyber insurance. First-party coverage only covers immediate response costs associated with a data breach for losses to the policyholder, while third-party coverage covers policyholders from claims brought by third parties such as customers and clients.

To select the most comprehensive yet affordable plan for your business, it’s critical to first identify who is accessing your confidential data and how they’re accessing it, as this information will largely dictate how your cyber insurance policy is outlined. Additionally, be sure your plan includes the following key components:

Business Loss: Small business professional liability insurance plans cover financial losses, and cyber insurance plans do too. Be sure to select a cyber insurance policy that will cover the financial losses to your business after a cyberattack has led to business interruption, data loss or customer dissatisfaction.
Privacy Liability: This essential component insures the loss of third party claims as a result of the policyholder’s unintentional failure to protect sensitive personal information and corporate information subject to a nondisclosure agreement, or adhere to privacy regulations. Seek out cyber insurance plans that offer privacy liability and the coverage of certain contractual liabilities that arise out of the failure to securely manage payment card data.
Notification Contingency Plan: When a breach occurs, every potentially affected party needs to be informed and given safety instructions as soon as possible. Your data breach coach will work with you to contact all first and third parties affected by a network data breach for you so that you and your IT team can focus on isolating and removing the malware or infected code.
Forensic Investigation: Cyberattacks can be disastrous, and even more devastating is when they continue to occur over and over again. Look for cyber insurance policies that can indicate how, when and where a cybercriminal was able to infiltrate your system and infect, steal or delete company data so that you can proactively protect yourself against any similar attacks as well as know the extent of the attack/breach.
Data Breach Coverage: Breaches often result in customer data being leaked to the public or being used for nefarious purposes, wrecking the financial accounts and reputation of not only your brand but also your customers. Be sure your cyber insurance policy insures expenses associated with a data breach, including the cost to retain legal services to determine regulatory obligations, the cost to notify people whose sensitive personal information has been breached, and the cost to provide those people with up to a year of credit monitoring services.
Extortion Coverage: While it’s usually a worst case scenario, sometimes businesses find themselves with no options other than paying a ransom fee to get their stolen data back from cybercriminals. Choose a cyber insurance policy that will help cover the cost of potential extortion, just in case.

According to Symantec, one in 40 small businesses is at risk of being the victim of a cyber crime. Don’t leave your valuable business assets, staff and customers unprotected, and don’t risk falling victim to the debilitating effects of cybercrime. Implement a cyber insurance policy today to protect your network and enable the swift recovery of your data and finances in the event of breach.

Anita Sathe is an insurance professional with over 13 years of experience in the insurance industry, currently serving as the GM of CoverHound and CyberPolicy. She holds a breadth of experience ranging from product and underwriting strategy to technology implementation and actuarial analyses. She is one of only 12 to hold actuarial fellowship credentials across P&C, Life and Health Insurance. Prior to CoverHound, Anita was a Senior Manager with Deloitte Consulting.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.