What to look for in a cyber insurance product?

The data breach checkmarks on the left depending on the industry or vertical that your business is in. There are varying implications. But it’s vital to have a team to support you. Here’s what’s covered on the left and here’s what to consider on the right in a good standalone cyber insurance policy. 

What to Look For in a Cyber insurance Policy
what to look for in a cyber insurance product

Coverage worth considering

Looking at the right-hand portion, consider:

A breach coach law firm to defend you. Have a team or a breach coach law firm at your disposal to help you and remediate. In case of an incident, they will immediately take control and an attorney-client privilege is attained. A forensic expert will go in and see what data was compromised and what implications could be. 

24×7 hotline. In a case of an incident, the first call goes to this hotline. It’s worth considering having a 24x7x365 hotline to initiate any claims.

Basic Coverage

Here is the basic coverage of a Cyber Insurance policy:

  1. Protection against data breaches – if someone goes into a system and they can then have access to just about any data in there, they are able to navigate through it.
  2. Cyber attacks on your data are held by vendors and other third parties – so this is a very real thing that is a risk and is also covered. 
  3. General cyber attacks – this talks about ransomware, cybercrime, and all its components.

Cyber attacks that occur anywhere in the world – it’s an interesting way the cyber insurance market works because it’s a little different than a crime in a physical address. It’s the network that is protected. So in a good cyber insurance policy, it’s your network regardless of where an employee may be traveling. They may be traveling and logging in remotely, regardless of where they are, the network is protected.

And as a side note, cyberattacks come from all over the world. So, the network must be protected regardless of where employees are. There are some sophisticated organizations that know they’re operating from non-extradition countries. So that means that if they commit a crime in the United States, they are not going to be held accountable the same way because of the country they’re in. 

It’s important to know that these threat actors are out there. They’re all over the world and they can access data anywhere. 

Depending on where these criminals physically are, US laws and regulations may not apply to them if they are caught in the act.

It is important not only to think comprehensively about your cyber security but also to protect yourself in the best way possible.

First-Party Coverage

What to look for in first-party coverage?

First-party coverage means “this is what happens to my business.”

Fraud, extortion, and ransomware coverage, technically termed “cyber extortion coverage.” are important parts of first-party coverage. If there is a breach, it could have been caused by fraud or cyber extortion.

In effect, it would be necessary for the first party to set up public relations such as call centers to notify people of their data exposure. A forensic investigation involving multiple experts is also necessary to manage the crisis.

Business interruption coverage is also necessary to cover income loss as a result of disruption of operations. There’s also another one called dependent or contingent business interruption.

The overarching theme is that insurance is not just there to indemnify or to provide monetary compensation but also to provide a team of experts that’s available. When there is an incident, a business wants to get back up and running as soon as possible and wants its customers even in an unfortunate situation to get the best service possible. So we’re looking to have the best team available and to have experts in every specific area that an incident may approach.

Third-party coverage

This does not necessarily mean, “what happens to my business?” but “if a threat gets into my business, now what could happen to other people?” 

“Riders or add-ons might compensate by paying a ransom but not necessary for third-party coverage.”

Because these are customers whose interests were violated, there could be regulatory issues. There are particular industries where claims and settlements are more numerous, hence, more regulations are required.

Query: Does a third-party component says, “hey you got breached, and because of that breach, it affected me.” This happens in most cases, and there’s a possibility that if you don’t have the right policy, you are not covered by me if I come after you saying, “hey, Joe, your company did this and it affected me now I want to sue you.”

Absolutely. This is spot on on both counts. This is third-party coverage and definitely not included in a lot of policies, particularly as an add-on or a rider to a commercial policy. Riders or add-ons might compensate by paying a ransom but not necessary for third-party coverage.

The expenses arising from third-party coverages are the primary drivers that drive cyber insurance costs upwards.

Does a good standalone cyber insurance policy include third-party coverage?

Yes. A good standalone cyber insurance policy will have coverage for third-party coverages covering these areas. 

It’s important to make sure you read these provisions as included in your policy and that you understand the inclusions. This is needed especially If the situation looks too good to be true and you’re just quickly adding on Cyber Coverage to another type of insurance product.

Better to take a deeper read into what is actually covered in those policies.

Picture of by Wayne Roye

by Wayne Roye

Microsoft Strategic Consultant

Book an Appointment