Risk & Business Magazine Cooke Insurance Risk & Business Magazine Fall 2017 | Page 27


In an increasingly connected world , no organization is immune from cyber-attacks . Whether they come sooner or later , you can be assured that they will come at some point . In the cybersecurity community , they talk about two kinds of businesses : those that have been breached and those that don ’ t realize they have been breached .

With more and more companies experiencing data breaches , the market for cyber insurance has grown exponentially in recent years . Unfortunately , cyber insurance is not as straightforward as many other types of insurance . Fortunately , that means it can be tailored to your company and you won ’ t get stuck with a one-size-fits-all policy .
Most cyber policies are offered on an a la carte basis , which allows policyholders to negotiate the terms and conditions they require and purchase coverage which will fit their individual needs . It is critical , however , to understand what you need from your cyber insurance and assess your business and its risks when trying to find the best coverage .
There are six essential aspects of cyber insurance which you should understand moving forward :
1 . LIMITS AND SUBLIMITS Hands down , the issue of limits and sublimits is the most important aspect to understand . The cost of an attack , even a small one , can wind up in the millions of dollars . Policyholders need to be absolutely sure that their overall limits are within the scope of their level of risk . Doing this requires taking into consideration the costs associated with a potential data breach in conjunction with the limits of liability available . A broker is invaluable in this process .
Next , sublimits must be examined . These are extra limitations in the coverage of certain losses . They do not provide extra coverage per se , but they do set a maximum to cover specific losses . Sublimits are often applied to specific coverage areas , such as crisis management expenses , regulatory costs , or notification costs .
2 . VENDOR ACTS AND OMISSIONS Along with the interconnectivity of the modern business environment is the entry of third-party vendors who store , process , and analyse data for businesses . While they make doing business easier , and often reduce overhead , they also represent a source of exposure . It is critical that your cyber liability policy will cover claims resulting from breaches caused by those third-party vendors .
3 . RETROACTIVE COVERAGE Standard cyber policies place limits on ( or outright deny ) coverage for breaches occurring before a specified date . This applies even if the claim is made during the policy period . The date is typically going to be the date of the inception of the policy , but not always . Unfortunately , breaches often go undiscovered for weeks or months ( or even longer ). Having your policy extend retroactively is an essential aspect that shouldn ’ t be overlooked . Often , retroactive coverage can extend one , two , five , or even ten years in the past , though some insurers offer unlimited extensions .
4 . EXCLUSIONS Every type of insurance is going to carry exclusions which limit the overall coverage . Understanding these exclusions is important to understanding where you may still be exposed to risk . When it comes to cyber insurance , there are three very common exclusions :
• Outdated software – Outdated software poses significant risk . Insurers often will not cover claims related to tools which have become outdated and are not receiving regular maintenance .
• Unencrypted mobile devices and data – Encryption doesn ’ t always mean data is safe , but many carriers view it as a benchmark of cyber security . Thus , it is important to understand whether or not proactive encryption costs would outweigh the alleviation of risk .
• Card issuer fines and penalties – Fines and penalties can be levied against an organization by card issuers , such as Visa , Mastercard , and American Express . These can be expensive and many policies exclude them .
Other common exclusions include bodily injuries and acts of foreign governments . Carefully go over your policy with a broker to understand when you are and are not covered under your current policy , and act accordingly .
5 . PANEL PROVISIONS Often , insurers will have preferred vendors that they wish to use in the case of a breach . This means that having a pre-existing relationship with experts , legal professionals , or investigators will not matter if they are not approved by the carrier . Fortunately , this is an area which is often up for negotiation . It is important to make sure you have your chosen panel approved ahead of time , though , so you aren ’ t left in the cold when the time comes to make use of it .
6 . CONSENT PROVISIONS Cyber policies often contain consent provisions that require policyholders to obtain the consent of the insurer before incurring certain expenses related to cyber claims . These cyber claim expenses are often related to notifying customers that a data breach has taken place , conducting investigations , or defending against third-party claims . If prior consent provisions are included in the policy and cannot be removed , policyholders should at the very least change them to ensure the consent of the carrier cannot be unreasonably withheld .
MOVING FORWARD Cyber insurance is a relative newcomer to the industry . It is continuously evolving , just like the cyber threats that are constantly emerging . A proactive approach is essential to keeping cyberattacks at bay and ensuring proper coverage . Working closely with a broker specializing in cyber threats and insurance and consistently analysing your needs based on new information is essential to success .
For more information and to find out whether your needs are being met , contact Cooke Insurance Group today . +