6 Considerations When Buying Cyber Insurance

The cyber security insurance market is expected to reach 18 billion by 2023. The rise in cyber data breaches and increasing adoption of cloud-based services are a few factors driving the growth of cyber security insurance market, whereas, high costs is inhibiting its growth.

Here are 6 things you should consider when buying cyber insurance ....

What Are We Already Covered For? – Existing policies may already have an element of cyber crime insurance of part of the wider policy. Check with you current providers what you are already covered for, if you are an SME you may have all you need.

What Will Be Covered? – If a new policy is requires, look closely at the inclusions, i.e., what all is covered in the policy. Some plans will treat the inclusions as 'clauses' while others may call them the 'limit of liability'. An important element of cyber security is malware and some plans may provide it as an optional cover.

First Or Third Party? - Once you’ve discussed what areas your policy should (or shouldn’t) cover, the next question is who it should cover. Policies typically contain one or both of two types of coverage: “First-Party” and “Third-Party.” First-party coverage applies only to the policyholder, and covers their expenses in case of a loss (just like valuables protection in homeowners’ policies). Third-party coverage applies to others, and may cover legal defence costs, and damages and liabilities to third-parties (e.g., customers, business partners, and regulatory agencies) resulting from a security event.

What’s Not Covered? - Policy exclusions vary widely. Many policies exclude major attacks from ransomware or state-sponsored espionage. Some exclude legal fees. Items typically not covered include reputational harm, loss of future revenue, costs to improve internal technology systems and lost value of intellectual property.

Who’s On The Vendor Panel? - The overall cost of a data breach event is 36% lower for insureds who use the trusted panel vendors to manage incidents, as opposed to those who opt for the open market approach. Trusted third-party advisers selected by insurers, often with fixed rates and contractual obligations, can drive significant breach cost savings. Know who is on the panel and factor them in to your incident response planning.

Are We Sure Of The Promise? – Recently Zurich Insurance refused to pay Mondelez International's claim of $100 million in damages from the NotPetya cyber-attack, which some claim the attack source was North Korea. Based on this Zurich claims it is an act of war and therefore said they were not covered. Mondelez is suing. Depending on the insurance value, be sure of the promise.

Questions your C-Suite should ask your CISO – Do we have Cyber Insurance? What does it cover? How much financially does it cover us for? What do we tell our clients?