There are two different sets of categories in cyber insurance: (1) First-party cover and third-party cover; and (2) stand-alone and packaged cyber insurance.
The easier way to think of first-party cover is “if something happens to my business, this is what will be covered.” If cyber security risks materialize to you as the business owner, then these actions or costs will be shouldered by the insurer.
Third-party coverage covers when a threat actor gets into your business but they only get to affect someone else’s information. In other words, they’re only able to attack someone else because they have breached your system. In these cases, the insurer takes liability and performs these necessary steps at its cost.
Stand-alone vs. Packaged Cyber Insurance
A stand-alone cyber insurance policy covers all areas of cyber risks; while a packaged cyber insurance does not have the full features.
There is a stand-alone cyber insurance product, and there is also an option to get a packaged cyber insurance product. So if you have a commercial general insurance policy, there’s a way to add on a rider for cyber coverage. But a rider really only covers a few items and it can be limited in those areas, although it can also cover other things.
In the cyber insurance industry, the most common cyber crimes that we see day in and day out are wire transfer fraud, annoying fake emails and texts, and phishing attempts. This is true in small and big-scale events. These are the most common crime-related events but unfortunately, these are typically not covered at all in packaged policies.
It’s very wise to look at these stand-alone policies. Make sure that the coverage is comprehensive enough to cover these most common cyber crimes.
“the most common cyber crimes that we see day in and day out are wire transfer fraud, annoying fake emails, and texts, and phishing attempts… unfortunately, these are typically not covered in packaged policies.”
Query: Are most people confused in thinking that if they have bundled or packaged insurance, they also have cyber security insurance?
Yes. That is spot on. Absolutely correct. That is confusion for a good reason. They actually don’t have full cyber security insurance because they don’t have the full features that come with stand-alone cyber insurance.
Normally they have a commercial policy and they see an option to add on cyber coverage, and if they are not reading through the details of the policy, someone would think, “yeah, I already added cyber insurance.”
But it’s very limited when it’s a rider to a commercial policy. And that’s why it is so important to take time to look at this for everyone to understand what they have. Although it is still better than having nothing, a stand-alone policy will cover comprehensively for all of these threats, instead of packaged or add-on riders.
It makes us nervous because people think they have cyber insurance but it really only covers only hardly 20% of the threats out there.
So yes it is indeed spot on to say that people are rightfully confused.
Cyber insurance has only been emerging for the last few years and is still not yet standardized as an insurance product, and it is starting to become a little more so.
People are rightfully confused and that’s why we take these opportunities to try to provide as much education as possible.