The data breach checkmarks on the left depending on the industry or vertical that your business is in. There are varying implications. But it’s vital to have a team to support you. Here’s what’s covered on the left and here’s what to consider on the right in a good standalone cyber insurance policy.
Coverage Worth Considering
Looking at the right-hand portion, consider:
A breach coach law firm to defend you. Have a team or a breach coach law firm at your disposal to help you and remediate. In case of an incident, they will immediately take control and an attorney-client privilege is attained. A forensic expert will go in and see what data was compromised and what implications could be.
24×7 hotline. In a case of an incident, the first call goes to this hotline. It’s worth considering having a 24x7x365 hotline to initiate any claims.
Basic Coverage
Here is the basic coverage of a Cyber Insurance policy:
- Protection against data breaches – if someone accesses a system, they can have access to almost any data in it and navigate through it.
- Cyber attacks on your data are held by vendors and other third parties – so this is a very real thing that is a risk and is also covered.
- General cyber attacks: This discusses ransomware, cybercrime, and all its components.
Cyber attacks that occur anywhere in the world are an interesting aspect of how the cyber insurance market works because they’re a little different from a crime in a physical address. It’s the network that is protected. So in a good cyber insurance policy, your network is protected regardless of where an employee may be traveling. They may be traveling and logging in remotely; irrespective of where they are, the network is protected.
And as a side note, cyberattacks come from all over the world. So, the network must be protected regardless of where employees are. Some sophisticated organizations know they’re operating from non-extradition countries. So that means that if they commit a crime in the United States, they are not going to be held accountable the same way because of the country they’re in.
It’s important to know that these threat actors are out there. They’re all over the world, and they can access data anywhere.
Depending on their physical location, US laws and regulations may not apply to these criminals if they are caught in the act.
It is essential not only to think comprehensively about your cybersecurity but also to protect yourself in the best way possible.
First-Party Coverage
First-party coverage means “this is what happens to my business.”
Fraud, extortion, and ransomware coverage, technically termed “cyber extortion coverage,” are essential parts of first-party coverage. If there is a breach, it could have been caused by fraud or cyber extortion.
In effect, it would be necessary for the first party to set up public relations, such as call centers, to notify people of their data exposure. A forensic investigation involving multiple experts is also necessary to manage the crisis.
Business interruption coverage is also necessary to cover income loss resulting from the disruption of operations. There’s also another one called dependent or contingent business interruption.
The overarching theme is that insurance is not just there to indemnify or provide monetary compensation, but also to offer a team of experts who are available. When there is an incident, a business aims to get back up and running as soon as possible and ensure its customers, even in unfortunate situations, receive the best service possible. So we’re looking to have the best team available and to have experts in every specific area that an incident may approach.
Third-Party Coverage
This does not necessarily mean, “what happens to my business?” but “if a threat gets into my business, now what could happen to other people?”
“Riders or add-ons might compensate by paying a ransom but not necessary for third-party coverage.”
Because these are customers whose interests were violated, there could be regulatory issues. There are particular industries where claims and settlements are more numerous, hence, more regulations are required.
Query: Does a third-party component says, “hey you got breached, and because of that breach, it affected me.” This happens in most cases, and there’s a possibility that if you don’t have the right policy, you are not covered by me if I come after you saying, “hey, Joe, your company did this and it affected me now I want to sue you.”
Absolutely. This is spot on on both counts. This is third-party coverage and definitely not included in a lot of policies, particularly as an add-on or a rider to a commercial policy. Riders or add-ons might compensate by paying a ransom but not necessary for third-party coverage.
The expenses arising from third-party coverages are the primary drivers that drive cyber insurance costs upwards.
Does a good standalone cyber insurance policy include third-party coverage?
Yes. A good standalone cyber insurance policy will have coverage for third-party coverages covering these areas.
It’s important to make sure you read these provisions as included in your policy and that you understand the inclusions. This is needed especially If the situation looks too good to be true and you’re just quickly adding on Cyber Coverage to another type of insurance product.
Better to take a deeper read into what is actually covered in those policies.
