Cyber Insurance: A Quick Guide
In the face of escalating cyber threats, cyber insurance has become a critical component of business operations.
This article discusses cyber insurance, highlighting its importance, coverage, market trends, key features, and strategies to avoid claim denial.
The Necessity of Cyber Insurance
Technology is complex, and people make mistakes. Even the most robust cybersecurity measures can falter. Eliminating all risk is both challenging and costly. Therefore, reducing the risk as much as possible and transferring the remainder through cyber insurance is advisable.
A competent cyber insurance partner will cover the residual risk and collaborate with you and your technology team to mitigate your overall risk. Your cyber insurance provider is also ideally positioned to understand your risk and assist you in designing systems to mitigate it.
Deciphering Cyber Insurance Policies
Insurance policies vary in their coverage.
Your insurance policy is likely to fall into one of the following categories:
- General/Commercial Liability and its riders are no longer tailored for cyber coverage and are typically quite limited.
- Technology Errors & Omissions (Tech E&O) protects a company if a mistake or oversight results in client harm, but it does not shield you from attackers.
- Cyber Liability safeguards your company against cyber-attacks.
Cyber Insurance Coverage
A cyber insurance policy primarily covers the following situations:
- Data breaches – The insurance covers breach response and remediation, including legal fees, customer notification and tracing, IT forensics, crisis media relations support, and any necessary liaison work with regulators and authorities.
- Business interruption – If a cyber-attack disrupts your operations, the insurance will cover the cost of getting your business operating again. This includes bricking costs (where devices have been critically damaged), loss of earnings, digital asset damage, and costs incurred in staff overtime.
- Cyber extortion – In the event of a ransomware attack, the insurance will cover the costs involved if you are held hostage. This includes paying the ransom and the services of legal or specialist IT experts.
Current State of the Cyber Insurance Market
The current cyber insurance market is beginning to see a tiered system develop among carriers.
Some carriers offer superior policies while imposing more requirements. Other carriers have fewer requirements but do not offer the best policies, particularly regarding premiums, deductibles, or pay-on-behalf policies (which are highly recommended).
Features of a Good Cyber Policy
A good cyber insurance policy will have a decent premium and deductible.
It will be a “pay-on-behalf” policy, meaning the carrier pays for the incident costs upfront instead of reimbursing the customer later.
Two of the most significant factors affecting your premium will be your industry and your size (by annual revenue).
Current Requirements for Best Policies
The best policies currently require Offsite/Cloud Backups, Multi-Factor Authentication (MFA), Endpoint Detection and Response (EDR/MDR/XDR), and Employee Cyber Awareness Training.
Customers often see premiums 8-10% more expensive from carriers that do not require MFA. EDR/MDR/XDR is required particularly for mid-market customers (determined by yearly revenue) and high-risk industries.
Ensuring Your Claim Isn’t Denied
The MOST likely reason a company is denied a claim on its cyber policy is that it failed to follow the cybersecurity requirements it attested to implementing when applying for insurance.
If all cybersecurity requirements are being implemented, it is tough for a carrier to deny a claim. So, do you have good records of the tools and technologies you said you had in place when you got your insurance?
Understanding the coverage, market state, ideal features, and how to avoid claim denial is crucial to making the correct business decision.