Risk & Business Magazine Cooke Insurance Risk & Business Magazine Fall 2017 - Page 27


In an increasingly connected world , no organization is immune from cyber-attacks . Whether they come sooner or later , you can be assured that they will come at some point . In the cybersecurity community , they talk about two kinds of businesses : those that have been breached and those that don ’ t realize they have been breached .

With more and more companies experiencing data breaches , the market for cyber insurance has grown exponentially in recent years . Unfortunately , cyber insurance is not as straightforward as many other types of insurance . Fortunately , that means it can be tailored to your company and you won ’ t get stuck with a one-size-fits-all policy .
Most cyber policies are offered on an a la carte basis , which allows policyholders to negotiate the terms and conditions they require and purchase coverage which will fit their individual needs . It is critical , however , to understand what you need from your cyber insurance and assess your business and its risks when trying to find the best coverage .
There are six essential aspects of cyber insurance which you should understand moving forward :
1 . LIMITS AND SUBLIMITS Hands down , the issue of limits and sublimits is the most important aspect to understand . The cost of an attack , even a small one , can wind up in the millions of dollars . Policyholders need to be absolutely sure that their overall limits are within the scope of their level of risk . Doing this requires taking into consideration the costs associated with a potential data breach in conjunction with the limits of liability available . A broker is invaluable in this process .
Next , sublimits must be examined . These are extra limitations in the coverage of certain losses . They do not provide extra coverage per se , but they do set a maximum to cover specific losses . Sublimits are often applied to specific coverage areas , such as crisis management expenses , regulatory costs , or notification costs .
2 . VENDOR ACTS AND OMISSIONS Along with the interconnectivity of the modern business environment is the entry of third-party vendors who store , process , and analyse data for businesses . While they make doing business easier , and often reduce overhead , they also represent a source of exposure . It is critical that your cyber liability policy will cover claims resulting from breaches caused by those third-party vendors .
3 . RETROACTIVE COVERAGE Standard cyber policies place limits on ( or outright deny ) coverage for breaches occurring before a specified date . This applies even if the claim is made during the policy period . The date is typically going to be the date of the inception of the policy , but not always . Unfortunately , breaches often go undiscovered for weeks or months ( or even longer ). Having your policy extend retroactively is an essential aspect that shouldn ’ t be overlooked . Often , retroactive coverage can extend one , two , five , or even ten years in the past , though some insurers offer unlimited extensions .
4 . EXCLUSIONS Every type of insurance is going to carry exclusions which limit the overall coverage . Understanding these exclusions is important to understanding where you may still be exposed to risk . When it comes to cyber insurance , there are three very common exclusions :
• Outdated software – Outdated software poses significant risk . Insurers often will not cover claims related to tools which have become outdated and are not receiving regular maintenance .
• Unencrypted mobile devices and data – Encryption doesn ’ t always mean data is safe , but many carriers view it as a benchmark of cyber security . Thus , it is important to understand whether or not proactive encryption costs would outweigh the alleviation of risk .
• Card issuer fines and penalties – Fines and penalties can be levied against an organization by card issuers , such as Visa , Mastercard , and American Express . These can be expensive and many policies exclude them .
Other common exclusions include bodily injuries and acts of foreign governments . Carefully go over your policy with a broker to understand when you are and are not covered under your current policy , and act accordingly .
5 . PANEL PROVISIONS Often , insurers will have preferred vendors that they wish to use in the case of a breach . This means that having a pre-existing relationship with experts , legal professionals , or investigators will not matter if they are not approved by the carrier . Fortunately , this is an area which is often up for negotiation . It is important to make sure you have your chosen panel approved ahead of time , though , so you aren ’ t left in the cold when the time comes to make use of it .
6 . CONSENT PROVISIONS Cyber policies often contain consent provisions that require policyholders to obtain the consent of the insurer before incurring certain expenses related to cyber claims . These cyber claim expenses are often related to notifying customers that a data breach has taken place , conducting investigations , or defending against third-party claims . If prior consent provisions are included in the policy and cannot be removed , policyholders should at the very least change them to ensure the consent of the carrier cannot be unreasonably withheld .
MOVING FORWARD Cyber insurance is a relative newcomer to the industry . It is continuously evolving , just like the cyber threats that are constantly emerging . A proactive approach is essential to keeping cyberattacks at bay and ensuring proper coverage . Working closely with a broker specializing in cyber threats and insurance and consistently analysing your needs based on new information is essential to success .
For more information and to find out whether your needs are being met , contact Cooke Insurance Group today . +
CYBER INSURANCE I n an increasingly connected world, no organization is immune from cyber-attacks. Whether they come sooner or later, you can be assured that they will come at some point. In the cybersecurity community, they talk about two kinds of businesses: those that have been breached and those that don’t realize they have been breached. vF&RB&R6W0WW&V6rFF'&V6W2FP&WBf"7&W"7W&6R0w&vWVFǒ&V6VBV'2Vf'GVFVǒ7&W"7W&6R2@27G&vFf'v&B2FW"GW0b7W&6Rf'GVFVǒFBV2@6&RF&VBFW"6BPv( BvWB7GV6vFR6RfG2Ɩ77B7&W"Ɩ6W2&RffW&VB6'FR&62v6w2Ɩ7FW'2FVvFFRFRFW&2B6FF2FW&WV&RBW&66R6fW&vRv6vfBFV"FfGVVVG2B27&F6vWfW"FVFW'7FBvBR[email protected]g&W"7&W"7W&6RB76W70W"'W6W72BG2&62vVG'rFfBFR&W7B6fW&vRFW&R&R6W76VF7V7G2b7&W 7W&6Rv6R6VBVFW'7F@frf'v&CĔԕE2B5T$ĔԕE0G2FvFR77VRbƖ֗G2@7V&Ɩ֗G22FR7B'FB7[email protected]FVFW'7FBFR67BbGF6WfV6R6vBWFP֖Ɩ2bF'2Ɩ7FW'2[email protected]F&R'6WFVǒ7W&RFBFV"fW&Ɩ֗G2&RvFFR66RbFV"WfVb&6FrF2&WV&W2FrF66FW&FFR67G2766FVBvFFVFFF'&V66V7FvFFRƖ֗G2bƖ&ƗGf&R'&W"0fV&RF2&6W72WB7V&Ɩ֗G2W7B&RW֖VBFW6P&RWG&Ɩ֗FF2FR6fW&vPb6W'F76W2FWFB&fFPWG&6fW&vRW"6R'WBFWF[email protected]VF6fW"7V6f276W27V&Ɩ֗G2&RgFVƖVBF7V6f06fW&vR&V27V627&62vVV@WV6W2&VwVF'67G2"Ff6F67G2"dTD"5E2Bԕ540rvFFRFW&6V7FfGbFPFW&'W6W72Vf&VB2FPVG'bF&B'GfVF'2v7F&R&6W72BǗ6RFFf"'W6W76W2vRFWRFr'W6W72V6W"BgFV&VGV6RfW&VBFW6&W&W6VB6W&6RbW7W&RB07&F6FBW"7&W"Ɩ&ƗGƖ7v6fW"62&W7VFrg&'&V6W06W6VB'F6RF&B'GfVF'22$UE$5DdR4dU$tP7FF&B7&W"Ɩ6W26RƖ֗G2ࢆ"WG&vBFV璒6fW&vRf"'&V6W067W'&r&Vf&R7V6fVBFFRF0ƖW2WfVbFR62FRGW&pFRƖ7W&BFRFFR2G6ǐvrF&RFRFFRbFR6WF`FRƖ7'WBBv2Vf'GVFVǒ'&V6W2gFVvVF66fW&VBf"vVV0"F2"WfVvW"frW Ɩ7WFVB&WG&7FfVǒ2W76VF7V7BFB6VF( B&RfW&VBgFV&WG&7FfR6fW&vR6WFV@RGvffR"WfVFVV'2FR7BFVv6R7W&W'2ffW"VƖ֗[email protected]WFV62BU4U40WfW'GRb7W&6R2vrF6''W6W62v6Ɩ֗BFRfW&6fW&vRVFW'7FFrFW6RW6W602'FBFVFW'7FFrvW&PR7F&RW6VBF&6vV@6W2F7&W"7W&6RFW&R&RF&VPfW'6W6W63( WFFFVB6gGv&R( 2WFF[email protected]6gGv&R6W26vf6B&6ख7W&W'2gFVvB6fW"60&VFVBFF2v6fR&V6PWFFFVBB&RB&V6Vfp&VwV"FV6R( VV7'FVB&RFWf6W2@FF( 2V7'FFW6( Bv0VFF26fR'WB6'&W'0fWrB2&V6&b7&W 6V7W&GFW2B2'FBFVFW'7FBvWFW""B&7FfPV7'F67G2vVBWGvVvFPWfFb&6( 6&B77VW"fW2BVFW2( 0fW2BVFW26&RWf[email protected]v7B&v旦F'6[email protected]77VW'27V62f67FW&6&BBW&6W&W72FW6R6&PWV6fRBƖ6W2W6VFPFVFW"6W6W626VFR&FǐW&W2B7G2bf&VvvfW&VG26&VgVǒvfW"W"Ɩ7vF'&W"FVFW'7FBvVR&R@&RB6fW&VBVFW"W"7W'&VBƖ7B7B66&FvǒRT$d40gFV7W&W'2vfR&VfW'[email protected]fVF'2FBFWv6FW6RFR66Pb'&V6F2V2FBfr&RW7Fr&VF6vFWW'G2Vv&fW762"fW7FvF'2vBGFW"bFW&RB&fVB'FP6'&W"f'GVFVǒF22&Vv62gFVWf"VvFFB2'F@FR7W&RRfRW"66VV&fVBVBbFRFVv6P&V( BVgBFR6BvVFRFP6W2FRW6RbBb44TB$d407&W"Ɩ6W2gFV6F66V@&f62FB&WV&RƖ7FW'2F'FFR66VBbFR7W&W"&Vf&P7W'&r6W'FWV6W2&V[email protected]F7&W"62FW6R7&W"6ЦWV6W2&RgFV&VFVBFFgp7W7FW'2FBFF'&V62FV6R6GV7FrfW7FvF2 FVfVFrv7BF&B'G62`&"66VB&f62&R6[email protected]FRƖ7B6B&R&VfVBƖ7FW'26VBBFRfW'V[email protected]6vRFVFV7W&RFR66VBbFP6'&W"6B&RV&V6&ǒvFVBdrd%t[email protected]7&W"7W&6R2&VFfRWv6W FFRGW7G'B26FVW6ǐWffrW7BƖRFR7&W"F&VG2F@&R67FFǒVW&vr&7FfP&62W76VFFVWr7&W"ЦGF62B&BV7W&r&W 6fW&vRv&r66VǒvF'&W"7V6Ɨr7&W"F&VG2@7W&6RB667FVFǒǗ6pW"VVG2&6VBWrf&F0W76VFF7V66W72f"&Rf&FBFfB[email protected]vWFW"W"VVG2&R&VrWB6F7B6R7W&6Rw&WFF#p