As businesses grapple with the ever-expanding digital landscape, the need for robust cyber insurance policies becomes increasingly critical. Whether procuring new coverage or renewing existing coverage, this can help your business pinpoint what it may need to focus on. From evaluating the coverages provided to understanding coverage limits and incorporating risk management services, this checklist can help serve as a simplified guide to assist your business through the review process.
1. Policy Basics:
- Policy Type: Identify the type of cyber insurance policy (first-party, third-party, or a combination).
- Coverage Period: Confirm the coverage period and any limitations.
- Policy Limits: Understand the limits for different coverage components. (I.e. “sub-limits”)
2. Data Breach Coverage:
Your business will need to assess whether coverage is being provided for:
- First-Party Coverages:
- Notification Costs
- Forensic Investigation Costs
- Credit Monitoring for Affected Individuals
- Public Relations and Crisis Management Costs
- Third-Party Coverages:
- Legal Costs for Defense
- Settlements and Judgments
- Regulatory Fines and Penalties
3. Business Interruption and Loss of Income:
This coverage is essential and can help your business get back to business.
- Coverage for Downtime: Understand coverage for business interruption due to a cyber incident.
- Loss of Income: Check if income losses due to cyber incidents are covered.
- Waiting Periods: Check to see how long the incident must be before you can receive reimbursement for downtime or loss of income.
4. Extortion and Ransomware:
- Ransom Payments: Confirm coverage for ransom payments in case of ransomware attacks.
- Extortion Costs: Check coverage for costs related to extortion threats.
5. Network Security Liability:
- Coverage for Network Security Failures: Assess coverage for losses due to failures in network security.
- Defense Costs: Understand coverage for legal defense costs.
6. Privacy Liability:
- Coverage for Privacy Breaches: Confirm coverage for breaches of privacy.
- Legal Defense Costs: Check for coverage of legal defense costs.
7. Media Liability:
- Coverage for Media Liability: Assess coverage for issues related to content dissemination.
- Defamation and Libel Coverage: Confirm coverage for defamation and libel claims.
8. Cybersecurity Services:
- Incident Response Services: Check for access to incident response teams provided by the insurer.
- Preventive Services: Assess any proactive cybersecurity services provided.
9. Exclusions:
- Identify Exclusions: Understand exclusions in the policy (e.g., known breaches, prior acts).
- Mitigation of Exclusions: Check if there are ways to mitigate exclusions through additional measures.
10. Sub-limits and Deductibles:
- Sub-limits: Identify any sub-limits for specific coverages.
- Deductibles: Understand the deductible structure and its impact on premiums.
11. Regulatory Compliance:
- Regulatory Coverage: Confirm coverage for costs related to regulatory compliance.
- Notification Requirements: Ensure compliance with notification requirements.
12. Employee Training and Risk Management:
- Training Programs: Check for any employee training programs included in the policy.
- Risk Management Services: Assess the availability of risk management services.
13. Costs and Premiums:
- Premium Structure: Understand how premiums are calculated.
- Additional Costs: Identify any additional costs beyond the base premium.
14. Claims Handling Process:
- Claims Reporting Process: Understand the procedure for reporting claims.
- Claims Handling Timeline: Confirm the expected timeline for claims resolution.
15. Policy Renewal:
- Renewal Terms: Understand the terms and conditions for policy renewal.
- Premium Adjustments: Check how premiums might be adjusted upon renewal.
- Request Cyber Insurance Quotes: At renewal, our team of cyber insurance specialists collaborates closely with clients to evaluate all relevant cyber insurance policy offerings and present additional options for consideration.
This checklist is extensive and may need to be customized based on the specific needs and concerns of your business. Consulting with an experienced cyber insurance broker can also provide valuable insights during the comparison process.