5 Questions to Ask Before Buying a Cyber Insurance Policy

As a business owner, you understand the importance of insurance. It's one more way to keep your employees, infrastructure, intellectual property, and investments safe. And as data breaches have become an unfortunate, near-constant fixture in the news, there has been an uptick in preventative strategies including Cyber Liability Insurance Coverage (CLIC). Marketed as a kind of cure-all, cyber insurance is still an incredibly nuanced fortification, with approval hinging upon lengthy digital assessment. Furthermore, and this can't be emphasized enough, a cyber insurance policy is only as effective as your IT infrastructure. So, before you begin implementing a cyber insurance policy, make sure your company is asking the right questions. 

Learn How to Pick the Right Cyber Insurance Policy for Your Business:

What Does Cyber Insurance Cover?

Cyber insurance isn't, strictly speaking, a new concept. These policies grew out of Errors and Omissions (E&O) insurance, around 2005. However, they have exploded in the last couple of years as Covid-19 prompted the mass migration to remote work, and cybercrime followed. Ransomware has been booming, as criminals target businesses across industries, and more companies are looking to cyber insurance to help contain costs. The market is expected to reach a value of $29 billion by 2025. So what exactly does cyber insurance do? This coverage is meant to offset the expenses incurred during a data breach or cybersecurity event, including:

  • Recovering compromised data

  • Legal settlements and regulatory fines

  • Hiring experts to identify and repair damage

  • Notifying customers, and providing identity and credit monitoring

  • Business interruption, network downtime, and lost employee productivity 

These policies should provide coverage for both first and third-party claimants. First-party coverage includes losses to the organization or individual affected, while third-party coverage addresses legal action taken by customers or partners. These policies can vary in terms of coverage and premiums but typically account for organization type, service provided, data risk and exposure, and current security policy. 

Essential Questions to Ask a Cyber Insurance Provider

In a Statista Report from early 2021, only 41% of businesses in the United States and Europe currently have a cyber insurance policy, despite increased risk. If your business is in the early stages of adopting a cyber insurance policy, make sure you ask potential cyber insurance providers the following:

  1. Creating Your Policy

    • Is their cyber insurance coverage created in a new plan? Or, is it an extension of an existing policy? Many cyber insurance providers will provide customizable policies, that allow for the most cost-efficient option.
  2. Understanding Coverage

    • Does coverage include both first and third parties, as well as third-party service providers? Third-party vendors can provide an unfortunate alleyway into sensitive company data, so ensure they are included in your cyber insurance policy.
  3. Employee Liability

    • Will coverage still apply if the event was caused by non-malicious employee activity? Or social engineering attacks including spear-phishing and advanced persistent threats (APT)?
  4. Threat Timelines

    • Given that some of these threats take time to discover, will the cyber insurance policy include time frames during which coverage is in effect? Or will there be limits?
  5. Scope of Policy

    • Does the policy only apply to targeted attacks, or does it cover any security event to which an organization is subjected?

Cyber Insurance Policy Requirements

Most cyber insurance providers require a thorough cybersecurity assessment before approving applications. This ensures that businesses are implementing proactive steps to reduce their vulnerability before cyber insurance is part of the strategy. Ultimately, there is little sense in insuring a company that is unwilling to engage in routine cyber hygiene via threat assessments, continued employee education, and an independent audit of third-party vendor security. Fortunately, iCorps' technicians are experts in identifying, diagnosing, and remediating IT threats. For more information on how a security assessment can better prepare your business for cyber insurance, contact us here

Request a Free IT Consultation

Editor's Note: This blog was originally published in 2018. It has been updated for accuracy.