Yes. End of blog. Well, there may be a little more to it than that, but in general, we are of the belief that every business should have a cyber liability insurance policy. That is not to say that they should all have the same policy.
The cyber insurance industry is still developing. Policies are not as standardized as auto, home and life policies. There is not a template that each carrier follows. Having said that, the policies are far more similar than they were four or five years ago when we were reviewing wildly different policies for customers. Here are some staples to look for when shopping for a policy:
• Coverage for attacks on your data held by third parties.
• Terrorist attacks.
• Cyber attacks occurring anywhere in the world.
• Coverage of recovery expenses.
• Coverage of any fines or penalties.
• Coverage of lost income due to disruption.
• Coverage for loss of reputation.
• Coverage for cost of ransom (which we recommend you never pay!).
• Coverage for losses of intellectual property.
• First and third-party coverage, meaning direct expenses and damages or settlements as a result of lawsuits or claims.
It is also key to know what exclusions, if any, your insurance carrier has attached to the policy. We see this less in recent policies as carriers are more clearly defining exactly what they will cover, rather than defining what they will not.
It is important to know what cyber security defenses your carrier is insisting upon in order to bind coverage. Will the insurance company pay out if you do not have basic protections like multi-factor authentication enabled? If multi-factor authentication is required, what does that mean? Is it required for email, admin accounts, all accounts, VPN? There needs to be clarity so that there are no surprises if an unfortunate event occurs that requires a claim. Many carriers will have a basic set of cyber security protections that must be in place.
Finally, the coverage amount is where policies may differ greatly from business to business. A Fortune 500 firm will need much more coverage than a business in the SMB space as an example. Many businesses are surprised to find that the total cost of a data breach exceeded their expectations and coverage. Do your research. What is the average recovery cost for a business of your size? Ensure your policy coverage will meet your needs.
Have questions or need recommendations on cyber security insurance? Contact our experts today at (888) 600-4560 or email us at info@coldencompany.com.