BizTech Law Blog Banner

BizTech Law Blog

5 Tips for Investigating and Purchasing Cyber Insurance
Posted by:

In 2016 Lansing, MI's Board of Water and Light fell victim to a cyber-attack that resulted in $2.4 million in costs, including a $25,000 ransom paid to the perpetrators. In the aftermath of the breach, BWL announced that it was filing for a $1.9 million insurance claim under its cyber insurance policy, including $2 million in covered losses, less a $10,000 deductible.

There is a lot at stake for businesses when it comes to cyber-crime, which is why more and more businesses are investigating and purchasing cyber insurance to hedge against the risks associated with cyber security and data privacy.

Businesses face challenges in selecting and negotiating the right cyber insurance policy, however. The lack of standardized policy language and the inadequacy of many “off the shelf” policies in meeting a particular business’s needs make it critical that careful thought and planning go into the selection of cyber insurance coverage.

Here are five important considerations to keep in mind when it comes to purchasing a cyber insurance policy:

  1. Examine Your Business’s Needs
    The first step in purchasing cyber insurance is having a firm grasp on your business’ needs. A business must assess the type and scope of data and information that is stored and sent on its IT infrastructure, and thus potentially vulnerable to breach. This applies not only to information that is on the business’ own systems, but also those of its vendors and to the extent data is stored offsite. Doing this type of assessment will allow a business to make informed decisions about the type and scope of insurance coverage it needs.
  2. Consider Your Existing Coverage
    Before purchasing a new policy, your business should examine its existing policies to determine what type of cyber risks may already be covered. Commercial general liability policies may already provide coverage for things like privacy and data breaches. Other policies commonly held by businesses such as commercial property, Directors & Officers, and Errors & Omissions, may also offer coverage.
  3. Examine Cyber Insurance Options and Terms
    Serious consideration must be given to the policy's coverage, limits, and exclusions. A cyber insurance policy should cover each of the following, at minimum.

    • Costs relating to investigations, including those relating to administrative and regulatory actions.
    • Fines and penalties.
    • Remediation/crisis management, including the costs associated with a data breach. Several laws require data breach notifications, and sometimes providing credit monitoring services to affected individuals.
    While the above coverages are typically included, a number of add-ons may not be. A business must consider each type of harm it might face to understand whether cyber insurance might be able to help. For instance, some policies cover electronic extortion, network interruption, and even media liability for risks relating to copyright infringement and other intellectual property issues.
  4. Don’t Lose Sight of Non-”Cyber” Risks
    While many data breaches take place over digital networks, not all of them do. Data can be stolen from a briefcase in the backseat of an unlocked car, or a banker box in a storage closet. A good “cyber” policy should also cover non-digital data such as paper records.
  5. Consider the Cloud
    Some cyber insurance policies purport to limit the scope of coverage to an insured’s own acts and omissions. This is potentially problematic for any business that stores data on a third-party “cloud” network. Given the pervasiveness of cloud networks, it’s important to understand whether a policy excludes acts and omissions of third parties.

There are many issues that businesses must consider when investigating cyber insurance policies. There is no “one-size-fits-all” product out there. Finding the right policy to meet an organization’s needs requires a comprehensive, team approach, involving management, IT and legal. If you have any questions concerning cyber insurance, please contact us.

Authors

Categories

Recent Posts

Jump to Page

Foster Swift Collins & Smith PC Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek