Cyber Risk Insurance (also called Privacy, Network Security or Data Breach insurance) is getting significant consideration by most small and medium sized organizations, but many organizations do not know how to evaluate it. We have provided information on Cyber Risk insurance in prior posts (see here, here & here). In addition, here are a few of our tips for helping your customers consider and buy Cyber Risk insurance.
- Identify cyber exposures, particularly unique exposures. Virtually all organizations have some type of cyber exposure, but the exposures can differ greatly. What are the key exposures, and does the client have any unique characteristics that create exposures?
- Be clear what the coverage objectives are. Cyber Risk policies are not the same, and matching coverage with need is critically important.
- Provide good information. Underwriters still have a difficult time underwriting and rating accounts due to a lack of detailed, credible loss statistics. Giving accurate and clear information is helpful in obtaining competitive proposals.
- Get proposals from multiple insurers. Because forms, underwriting and rating approaches are different, costs and terms can vary significant and are not always consistent. And beware of endorsements on GL policies – the coverage is often narrow.
- Use a Cyber Risk expert (shameless plug: like us!).
- Buy the product that you need. It is critically important to obtain the terms that match the specific needs of the organization, including customized terms. And review policy exclusions that might have an impact. The least expensive is not usually the best buy.
- Buy the limit you need. Estimate the exposure and make sure there is enough limit to cover it, particularly for data breach notification costs. Some policies have sub-limits, others have varied definitions, and realistic costs are difficult to project.
One of the challenges in buying Cyber Risk insurance is the amount of inaccurate information. Cyber Risk insurance policies are not all the same, and there is no best policy for all organizations. Here are some articles to review, but note that some of the information regarding the Cyber Risk market is not correct:
Cyber Risk Insurance is not difficult to explain to potential clients, and at least basic protection should be in place. As a wholesale broker, we provide Cyber Risk Insurance to all types organizations through retail insurance agents and brokers.