Most organizations know they need insurance to cover risks to their property, such as fire or theft, and their liability if someone is injured in the workplace. But a substantial portion of organizations don’t carry coverage for data breaches, despite numerous high-profile breaches. While many insurance companies offer cyber insurance, not all policies are created equal.
- 24%: Percentage of companies that had cyber-insurance.1
- 64%: Percentage of companies that believed their exposure to cyber risk would increase in the next 24 months.2
- 43%: Percentage of companies that did not plan to purchase cyber insurance in the next 24 months.3
Why is buying cyber insurance difficult?
- There is little standardization among competing policies; as a result, it is hard to comparison shop.
- Policies’ exclusions often swallow coverage; as a result, assessing the value of a policy is difficult unless you have extensive experience with the types of liabilities that arise following data breaches.
- Policies often cover security but not privacy risks.
Items to review when shopping for cyber insurance:
- Do the sub-limits on coverage match the corresponding risks?
- Does the policy include sub-retentions (sub-deductibles) that are unlikely to be reached?
- Do exclusions prevent payment for the largest risks, e.g., charges that arise following a credit card breach, common theories alleged in class actions, etc.?
- Is voluntary notification of affected consumers covered?
- Will credit monitoring for affected consumers be covered?
- Who does the insurer have on panel for legal representation, forensic investigations, and/or crisis management?