Cyber Liability Insurance: 7 Considerations Before Seeking Coverage

Cybersecurity, ransomware, cybercriminals, cyber-attacks, etc., continue to appear across local and national news headlines. Many watch and read, hoping that their organization isn’t next. But the truth is, it’s not if it will happen, but rather when.

Before inquiring about cyber liability coverage, requirements, and exclusions, take time to evaluate your company’s cyber health and security position.

This article covers seven areas including processes, procedures, and technologies to review with your IT team and advisors prior to purchasing, renewing, and updating a cyber liability policy.

Cyber Liability Insurance

With an increase in cyberattacks, heightened demand, and the ransoms that have been paid out as described in the Cybersecurity Climate sidebar, changes have been made to cyber liability insurance policies, including extensive applications to know all about your network, any vulnerabilities, previous breaches, and risks that would cost money if a cyber incident occurs.

Carriers have created new cyber programs, enacted policy changes to clarify and restrict coverage, and increased premium charges, which is usually based on a company’s security posture and annual revenue size. As a company starts the process of evaluating different types of policies and meeting with their broker and underwriters, they should prepare their organization to ensure they are in compliance and qualify to obtain an adequate policy that meets their needs and properly covers them in case of a cyberattack.

7 Considerations for Adequate Cyber Liability Coverage

When a company is preparing to purchase, renew, or update cyber liability insurance, there are seven measures that should take place prior to obtaining a policy and to ensure a company is properly covered in case of a cyberattack.    

1) Understand What Specifically Is Not Covered in Cyber Liability Insurance Policies

It is especially important to read through and understand what is and is not covered before deciding if you want to purchase additional coverage based on your current policy.

If a ransomware demand or data breach occurs, keep in mind that not all costs are covered. In some instances, if your company previously experienced a breach, coverage under some policies is limited. Most policies typically do not cover:

  • Future potential economic loss
  • Loss of value due to intellectual property if it was a data breach
  • Cost of upgrades to the network
  • New technology tools and devices as a result of a cyberattack

These extremely critical items could financially impact the organization since it will have to pay out of pocket for any additional or all expenses.

Cyber liability insurance policies are not created equal. To avoid any issues before deciding on an insurance carrier, your organization’s legal, risk management, and IT security teams should review all policies and cyber liability programs, including:

  • Incident Response Plan
  • Disaster Recovery Plan
  • Computer Hardware Replacement
  • Business Interruption
  • Cyber Extorsion/Ransom
  • Breach Response

There can be vital differences due to coverage based on the type of industry, number of employees, and cybersecurity posture of your network.

If you are a CFMA member login to continue reading this article. If you aren't a member yet and would like unlimited access to all of the content on cfma.org, plus a variety of other benefits, join CFMA today!

About the Author

Eku Williams

Eku Williams is Senior Manager of Vulnerability & IT Audit at CyberSure (www.cybersurellc.com) in Cincinnati, OH. Eku is responsible for conducting IT vulnerability assessments and IT security audits while assisting organizations to mitigate risks in their environment.

Read full bio