Cyber Insurance: A Buyer’s Guide


Part 1 of Cyber Insurance: A Buyers Guide gave us an introduction to the basics of Cyber Insurance. (covered in Issue 2)

Part 2’s intention is to delve deeper into some of the more important aspects of tailoring coverage to organisations, service team offerings and submissions to underwriters. We further look into policy response and its importance with respect to the upcoming mandatory breach notification laws.

Tailoring coverage and the limit of liability to organisations associated risks and exposures

Whilst every organisation is exposed to cyber risk, the consequences vary across industry and business size. When considering implementing a cyber insurance policy as part of an overall cyber risk management strategy, organisations need to keep in mind the fact the policy provides both 1st and 3rd party protection and well as business interruption loss protection. Ultimately this translates into immediate and slow-burn costs and needs to be taken into account when considering the most appropriate limit of liability.

Organisations should be encouraged to consider that beyond the immediate investigation costs, notification costs (see Mandatory Breach Notification Laws), business interruption costs, fraud costs, extortion costs and remediation costs, there is potential for consequential third-party litigation expenses, regulatory fines and penalties, customer loss and loss of revenue (“slow-burn costs”). Estimating the potential costs to an organisation of a breach by only considering immediate costs, could lead to a significantly inadequate limit of liability. If this approach is taken, an organisation may find itself with no protection available, for associated slow-burn costs. A proper assessment of the full potential impact of a breach/unauthorised access should be undertaken.

With respect to coverage, whilst there are emerging structures that most cyber insurance policies adhere to, there are nuances in policy wordings that if not addressed could have substantial impact on an organisation should a claim/ potential claim occur. Two examples are outlined below…Click HERE to read full article.