Given the number of variables, picking a cyber insurance policy can be a difficult task. Furthermore, while an organization may think it is protected by its current policy, new developments in cyber security and ventures by the organization itself may make those policies inadequate. Consider the following when creating or reviewing your existing cyber insurance plan.
Assess Your Unique Cyber Risks
Such as with any other liability policy, it’s important to understand the specifics of your cyber risks before picking a cyber liability policy. There is no one-size-fits-all policy, so asses your business needs to understand the best cyber insurance for you.
The following factors are some examples of what defines your organization’s distinct cyber risks:
- The type of data your organization stores
- How and what type of data is shared with business partners
- Types of communication systems used and their level of security
Know What Policies Are Available and What They Cover
Cyber insurance policies may vary significantly due to the absence of market standardization. While most policies provide first-party and third-party coverage, the details of what is covered can vary across policies. First-party coverage typically includes data breach response costs and business interruption costs that result from network failures, data breaches or ransomware attacks. Third-party coverage typically includes coverage for the costs associated with responding to regulatory investigations and indemnification for regulatory fines or penalties. Take a close look at the terms and coverage offered in each policy for what most closely aligns with your unique cyber risks.
Know Your Responsibilities
Closely examine your selected plan to know your responsibilities, such as who to notify if there has been a breach. For example, a data breach that has been recently discovered might have, in fact, been compromised for years, requiring a retroactive cyber insurance plan. Understanding these requirements and what needs to be reported can be the difference between being covered and not being covered at all. Work these requirements into your organization’s incident response plan to ensure they are followed.
Contact us for more information on cyber insurance policies and to go over your coverage.