For many business owners, insurance for cyber security is a discretionary purchase. Cyber insurance isn’t standardized, unlike property and commercial insurance policies, so it’s often viewed precariously—more as a luxury than a necessity.

Cyber insurance is also a newer product that many business owners don’t understand or know why it should be purchased. The truth is, with a large number of people working remotely, it’s more important than ever to be covered in case of a cyberattack, but it can be challenging to know what you need.

Develop your insurance and cyber security plan

To start, business owners need to understand their cyber security risk through internal reviews that involve management service providers, cyber security professionals, lawyers, and brokers. While getting the right coverage is essential, any cyber policy you choose should be a part of an overall Cyber Incident Response Plan that identifies:

  • The types of information you have
  • Who at the organization is responsible for initiating the plan
  • Who to contact and at which point
  • How the response plan adapts to specific situations

Cyber policies are complex coverage documents, and it’s essential to note in the plan at which point each coverage is available and how best to utilize the policy coverages. Certain coverages respond upon notice; others require prior written consent from the insurer.

Get the right advice on insurance and cyber security

When it comes to getting the right cyber coverage, one of the most important things you need is a broker that fully understands your business. Once you’ve chosen a broker with whom you feel confident, here are some questions you should ask yourself to ensure you get the coverage you need:

  • What type of data do we maintain in our system (or with our cloud provider)? What is my exposure if my data or systems are affected?
  • If using a cloud provider for services, where is my data kept, and what contractual agreement do I have in place?
  • How long can we continue to operate without our primary systems?
  • How long would it take us to recover from an incident?
  • What internal controls do we currently use? Examples of internal controls include call-back provisions to change banking information, employee training in cyber hygiene, and advanced firewalls

Get the right cyber coverage

The current cyber market provides a variety of options. At first glance, some options can appear similar, but they can be dramatically different once you examine the policy wording. For example, even if the coverage titles are similar, the coverage may not be equal. In addition, each policy has its unique terms, conditions, and exclusions that may modify the described coverage’s intent.

At the most basic level, Cyber Expense or Privacy Breach Notification Expense coverage can be added to traditional commercial insurance packages and is intended to provide limited coverage (commonly $25,000). It is designed solely to assist with basic costs, like paying for postage when notifying affected individuals of a privacy breach.

On the other end of the spectrum, stand-alone cyber liability policies cover costs related to a network or security breach that results in the disclosure of personally identifiable information, personal health information, or third-party corporate information.

While fully customized cyber liability policies are also available, the foundation of any strong insurance program should include coverage for:

  • Third-party liability: Liability arising from the unauthorized disclosure of personally identifiable information, personal health information, or third party corporate information due to a security breach or network failure
  • First-party expenses: Coverage to help your business with the financial burden of expenses such as crisis event management, security breach remediation and notification, and computer program and electronic data restoration
  • Cyber extortion: System disruption due to ransom or extortion demands, including access to experienced cyber negotiators and ransomware specialists
  • Cybercrime: Social engineering and unauthorized electronic funds transfers
  • Business interruption: Income replacement while you attempt to recover from an incident

No matter the size of your company, Cowan Insurance Group’s dedicated team of expert advisors will walk you through the steps to secure your business and get you the coverage you need. Contact us today to get started.