fbpx

Checklist: Five Things to Remember When Buying Cyber Insurance

by | May 17, 2023 | Cyber | 0 comments

A red shield defending a computer.

In today’s 24/7 online world, cyber insurance may be the smartest purchase you can make for your business.

Key takeaways:

  • Cyber insurance protects your business, your customers, and your partners
  • Choose the kind of coverage that’s right for your company
  • Make a budget so you’ll know what you can afford

You’ve made the smart decision to consider purchasing cyber insurance, the first step towards improved security for your company. The next step is to answer a few key questions: What kinds of coverage are necessary for your type of business? How much coverage do you need? How much can you afford? 

The cyber insurance industry can feel overwhelming for first-time buyers, with inside-baseball terminology and concepts that can be difficult to understand without a technical background. Luckily, we’re here to walk you through the basics so you can approach the process with confidence.

Why purchase cyber insurance?

The most obvious reason to buy cyber insurance is to protect your business in the event of a data breach or other cybercriminal activity. Also, many companies and clients require cyber insurance as a condition of doing business. There are different factors to consider depending on which reason you choose.

If you’re primarily interested in protecting your business, you’ll need coverages that are fairly comprehensive and cover every aspect of your company. There are also many optional forms of coverage that can be customized to your organization’s specific needs.

If you have contractual obligations to meet, you not only need to consider your own needs but also those of your partners and customers. Does a third party require that you list them as insured? Do they need a waiver of subrogation? You also need to comply with any state or federal regulations that deal with cybercrime.

With all of that in mind, it’s time to make a checklist of what you need to know when it’s time to buy.

1) Select your coverage

Here are the key types of coverage that should be included in any cyber insurance policy.

  • Business interruption and extortion. A data breach can stall or stop your company’s daily operations. This coverage covers losses stemming from any such interruptions, as well as crisis management.
  • Forensic expenses. If you’re attacked by cyber criminals, you’ll probably need an IT expert to help assess and repair the damage and a forensic accountant to measure the scope of the financial cost. This coverage covers those services, plus any other expenses you incur from countering the threat.
  • Notification expenses. If your industry follows certain regulations, like the Payment Card Industry Data Security Standard (PCI DSS), you’ll be required to let your customers know after a breach occurs. This covers the cost of that process.
  • Regulatory penalties and fines. If regulators decide that you didn’t do enough to protect your customer data, this coverage helps with any fines or penalties assessed.
  • Credit monitoring and ID theft repair. This covers any costs that come with identity theft, including lost wages and lost time for child and elder care. It also covers credit monitoring services if you need to offer them to your customers.
  • Customer and employee data loss. This covers data compromise liability, fines, and penalties, as well as identity recovery.
  • Payment fraud. If your staff falls victim to a scam and ends up transferring money to a thief, this coverage can help reimburse you for your losses.
  • Public relations costs. In addition to the immediate financial loss, cybercrime can harm your company’s reputation. Even the most loyal customers may no longer have faith that you can keep their information safe. This coverage can help if you need to engage a PR firm to contain the damage.
  • Liability and defense expenses. In the event of a lawsuit, this coverage can protect your firm from legal defense costs and electronic media liability, which includes privacy rights violations, trademark or copyright infringement, and unintended defamation.

This may seem like a long list, but leaving out any of these coverages can open your company up to significant risk.

2) Measure your risk

The cost of your cyber insurance premium depends on your level of risk. Before signing up for coverage, take the time to evaluate your company’s cyber risk profile, find out where the holes are, and get those holes patched to lower your level of exposure (and your insurance premiums).

Ask yourself these questions:

  • Do you collect or deal with sensitive data, such as personally identifiable information (PII), protected health information (PHI), or payment card information (PCI)?
  • Do you have the proper protections in place for your customer data? This includes storage, encryption, retention, backup, and privileged access.
  • Do you work in an industry, such as healthcare or law, that requires confidentiality?
  • Does your website or app store customer logins, passwords, and other sensitive data?
  • Do third-party companies you work with have lower security standards than you?
  • Do your employees use their own devices for work?

If the answer to any of these questions is “yes,” then you’re operating in a high-risk environment, and cyber insurance is a must-have for your organization.

3) Decide what you can afford

Cyber insurance premiums vary in price, so your level of coverage will depend on how much you can spend. The average cost per stolen record of a data breach was $164 last year, a 1.9% increase over the previous year. Do you have enough coverage to handle that?

Over and above insurance premiums, you’ll need to keep some cash on hand to cover the cost of a data breach while you wait for your insurance to kick in.

4) Read the fine print

Before you sign on the digital dotted line, be sure to carefully read the terms, conditions, and exclusions of your cyber insurance policy. Does it offer blanket coverage or cover only certain types of accidents or attacks? What triggers activate your coverage? What does it exclude?

For example, some policies don’t cover incidents that occur when employees are using their personal devices on the company network (also known as “bring your own device” or BYOD). Other common exclusions include unencrypted data, PCI fines and assessments, and acts of war.

5) Work with a trusted insurer

Keeping your company safe from a data breach is a daily high-wire act, and cyber insurance is your safety net. But finding a policy that works for your company and stays within your budget is often easier said than done.

Luckily, the burden doesn’t have to fall entirely on your shoulders. An insurance company that has a deep history with cyber protection can do a lot of the heavy lifting for you. If you’re thinking about purchasing a cyber insurance policy, the team at NICRIS Insurance is ready to help. Just drop us a line, call (516) 544-0006, or stop by our office for a free consultation.