Tailoring a Cyber Policy to Your Business
Cyber insurance coverage is a relative newcomer to the insurance market, which can present some challenges for both businesses and insurers. To date, there are no official industry standards for cyber insurance, but there have been major strides in recent years to establish some. The National Institute of Standards and Technology (NIST) offers a comprehensive overview of the current state of cyber risk management. Adherence to these standards is currently voluntary, but many experts believe that the NIST recommendations have become the unofficial industry standard for cyber risk management.
Still, with the breakneck pace of technological evolution and increasing pressures to digitize data, most businesses are already vulnerable. The best way to protect yourself and your business is to conduct a risk assessment and identify any gaps in your coverage. Here are a few things worth looking for:
Understand the coverage that you have, and the coverage that you don’t. Many people might make the mistake of assuming that a commercial general liability (CGL) policy covers losses in the event of a cyber attack. However, assumptions like that can be dangerous and costly, as many CGL policies specifically exclude electronic data. Take the time to review your current coverage and identify any exclusions that might leave you vulnerable.
Understand your company’s specific needs. Companies vary in their use of and dependence on data. For instance, customer data held by financial or health care businesses is comparatively more valuable to criminals. Other companies, like online merchants, may potentially suffer greater losses as the result of an attack that crashes a website or interrupts service. Different policies have different limits, sublimits and exclusions for different kinds of losses, so it’s important to work with an expert who can find exactly where your liabilities lie and what kinds of coverage you need.
Consider retroactive coverage. Unfortunately, cyber breaches often go undetected for a long time. As a result, a policy that only offers coverage to the date of inception might leave you vulnerable to a cyber attack that hasn’t yet been discovered. To mitigate your liability as much as possible, get coverage with the earliest possible retroactive date.
Obtain coverage for third-party vendors. Many businesses outsource their data processing or storage to a third-party vendor. This is a smart move, especially if you aren’t equipped to handle the IT side of your business. Unfortunately, it may leave you liable for damages if the actions of that third party are responsible for a breach. Make sure you have coverage for the actions or omissions of third parties with whom you do business.
The best way to determine your specific risks and liabilities is to talk to an expert. Consult with your Account Manager at McSweeney & Ricci Insurance Agency to identify your risks and tailor a cyber policy to fit your specific needs.
This publication is for informational purposes only. It is not intended to be exhaustive nor should any discussion or opinions be construed as compliance or legal advice.© 2015 Zywave, Inc. All rights reserved.