Many businesses do not understand just how important cyber insurance is or why they need it. One of the most common targets for cyber thieves is big law firms. Experts say that these firms have large amounts of the personal data that cyber criminals want. In addition to this, large firms typically store plenty of corporate data, trade secrets and other protected information.
What Does Cyber Insurance Cover?
There are several inclusions in a cyber insurance policy. Any business that stores trade secrets and protected personal information of clients should consider a policy that includes the most important features.
One of the most important features a policy should have is investigation of privacy and cyber incidents. This feature includes forensic investigation costs, outside counsel costs, fees related to sending letters to clients about security breaches and the costs of crisis management or public relations. Coverage applies even if there are no lawsuits filed.
Another important feature is defense against lawsuits, demand letters and various claims. Defense against possible liability issues is also essential. Business interruption coverage is another valuable feature. If the business must temporarily halt operations due to the security breach, this feature covers the cost of lost income during that time. It also includes denial of service attacks to virtual business sites.
A good policy covers third-party liability that comes from security breaches. This also includes instances of policyholders inadvertently distributing malicious code to customers. Look for a policy that includes coverage from other exposures such as cyber extortion, asset loss and income loss. If the policy also includes the costs of any regulatory investigations deemed necessary, this is a useful benefit. Internal and external hacks are usually covered, and negligent acts are typically covered under most policies.
Cyber Insurance Checklist
In addition to verifying that the policy has all of the important features covered, it is helpful to make a checklist of issues to ask the agent about. To make sure the policy is as comprehensive as possible, ask the following questions:
- Are errors, omissions and acts of outsourced providers or vendors covered?
- Are the acts of rogue employees covered?
- Is data that falls into the wrong hands covered?
- Does the policy have wording that could void the coverage in certain instances?
- Does the policy have a sufficient limit for individual risks?
- Do any other existing policies offer supplemental cyber coverage?
- Does the policy provide coverage for data placed in the hands of trusted vendors?
- Does the policy offer retroactive coverage for issues that are not noticeable immediately?
Mistakes To Avoid
There are several mistakes business owners often make when shopping for cyber insurance. One of the most common mistakes is not understanding the length of the application process. It often takes longer than people expect, and experts say it is usually necessary to involve several parties. Plan to include the IT chief, the risk management coordinator, the accounting manager and the company's legal counsel. It is also helpful to talk to several owners of similar businesses to hear their solutions for dealing with security breaches.
Another common mistake business owners make is not taking advantage of what is offered by the insurance agency. Too many owners are quick to dismiss any additional suggestions as up-selling attempts. However, many products that agents recommend are useful and worth the small investment. Experts emphasize that it is important to be aware of any gray areas of the policy. Some issues may or may not be covered, and there are specific rules for certain incidents. Always ask an agent for clarification on these issues. Never assume that all policies are the same. Cyber insurance policies are not cookie-cutter products. Know what events are covered and to what extent, and always discuss any concerns with an agent before or after obtaining a policy.