Is our cyber insurance adequately covering our organisation? What loopholes can hackers exploit? Are the limits of coverage sufficient for our business activities?
These are a few of the questions that every Chief Risk Officer (CRO) or Chief Information Officer (CIO) will have when taking out insurance cover or after signing an insurance contract. Let us go through some salient steps to help you purchase a comprehensive and adequate Cyber Insurance Policy for your company.
We would also like to hear your comments and suggestions. Let us know about your experience purchasing Cyber insurance cover or handling a claim.
‘Contact Us’ to close any gaps between your expectations and what your policy actually provides.
Step 1: Determine If You Need Cyber Insurance. Things to consider include:
- Whether the company handles sensitive information, which includes, but is not limited to, ePHI (electronic protected health information) or PII (personally identifiable information)
- You host a public website that interacts with customers and stores their login data
- You use a third-party vendor to manage your database, provide an online shopping facility, or as a supplier of the goods/services you sell
- You own or use a website or online application, and rely on the security of your business for your income
- Your staff use their own devices (BYOD)
Remember, standard business liability insurance policies do NOT cover cyber liability.
Step 2: Consider These Questions Before Selecting a Cyber Insurance Provider & Policy:
- How much insurance do you need and how much can you afford?
- What are your unique risks and what type of coverage do you need?
- What should trigger your policy, e.g., only a deliberate cyber attack or any type of attack, including an unintentional error by internal staff?
- What should your policy exclude, e.g., unintentional human error or BYOD device theft?
- What does the provider offer, e.g., a first responder service, legal costs and support over any downtime periods?
Step 3: Create a Custom Policy Outline
Each business is unique and risk levels differ. Your policy should determine your preparedness for a cyber-attack and identify what kind of insurance will best suit your needs. Also, the more prepared you are, the lower your premiums will be.
- What type of policy is best suited to your business? Package policies, Group policies OR Standalone Policies?
- What should be covered? First-Party Coverage (applies only to the policyholder) or Third-Party Coverage (applies to anyone else who has been affected, e.g. your customers, third parties, etc.)?
- What kind of coverage do you need? Network Security Coverage? Privacy Liability Coverage? Media Liability Coverage?
- How much coverage do you need?
Step 4: Ask Your Potential Cyber Insurance Provider Important Questions, Including:
- What types of incidents are covered? Does your provider cover unintentional and non-malicious attacks?
- What are the deductibles? Cyber insurance works similarly to health, vehicle or home insurance.
- Exactly how do coverage and limits apply to first and third parties? Do legal costs cover your business liabilities only or are your customers covered, too?
- What are the timeframes within which you are covered? Some cyber-attacks are not discovered for years. Are you covered six years down the line?
- Does the policy cover you globally?
- What kind of response time can you expect in the event of a data breach?