With cyber-related attacks and cyber insurance claims on the rise, it is crucial for companies and organizations of all sizes and industries to assess and understand what their cyber insurance policies cover and exclude.
Over the past few months, I have reviewed many cyber insurance policies that had lower limits in coverage areas that should have had higher limits, and some policies were lacking in coverages that should have been included. In addition, many of these policies had coverage exclusions that should have been avoided at all costs.
Indeed, while there are many more insurance brokers selling cyber insurance today, many still don’t understand the intricacies of cyber insurance.
This is why working with an experienced cyber insurance broker who understands the complexities of cyber insurance is more important than ever.
Would you ask your primary care physician to perform open-heart surgery that is best performed by a heart surgeon? The same can be said of cyber insurance. It is a complex insurance policy that is best served by an experienced specialist.
One misstep on your end in reporting a claim or purchasing the wrong cyber insurance policy can cause your company great hardship.
What do companies need to cover?
Cyber insurance is not a one-size-fits-all policy. Depending on your company’s industry and cyber risk exposure, your cyber insurance policy can be tailored to your company’s exposure. While cyber insurance is not designed to cover, and does not cover, every cyber exposure today, it is important to understand which exposures are covered. Most cyber insurance policies offer first-party and third-party cyber coverages. It is certainly worth your company’s time to review your cyber insurance policy to better understand which first- and third-party liability coverages are in place before an incident happens and how to access those cyber insurance coverages when needed.
What do companies get wrong about cyber insurance?
While cyber insurance has been on the rise, there are still many cyber insurance misunderstandings. The following are a few that I see often.
- Failing to understand the sublimits of coverage that are in place, and how they will impact the coverage, can be a very costly mistake for companies.
- For those companies buying cyber insurance for the first time, failing to improve the retroactive date may leave a company without coverage for a security breach that was undetected before the retroactive date.
- With social engineering on the rise, many companies are not covered for “voluntary transfers” related to social engineering fraud or phishing attacks when this coverage is now available.
- When an incident happens, companies should understand who they need to contact and the steps that need to be followed to comply with reporting a claim.
How long after an incident occurs does a company have to report it to their insurance carrier?
Many cyber insurance policies state “as soon as reasonably practicable”. While there is no one answer on what “reasonably practicable” is, based on my experience in assisting clients with cyber claims, this should be stated “as soon as possible”, especially if your company’s network is adversely affected and causes a loss of business revenue due to your network interruption. I have seen insurers reserve their rights and hold prejudice against companies failing to provide immediate notice when there is any network interruption due to a ransomware incident. Therefore, it is highly advisable to report your claim right away. Most cyber insurance carriers have a 24/7 hotline for that reason.
Interested in a cyber insurance policy review or a cyber insurance quote?
For those companies that have not yet purchased cyber insurance, it is still a buyer’s market and there has never been a better time to purchase a cyber insurance policy. Contact us today for assistance with your cyber insurance quotes or cyber insurance policy review.