🔒10 Things I know about … Buying cyber insurance

10) Still a novel concept. Not all insurance firms underwrite cyber insurance. Your carrier should offer to conduct a full security assessment on your network. 

9) Determine your cyber risk. Determine the nature of risks like storage of personal information, wire transfers, liabilities, cost of downtime, loss of stakeholder confidence, reputation or business, to identify the right type of insurance to buy.

8) Examine policy terms carefully. Ascertain terms matching your risk tolerance. Don’t skip the fine print. Understand all provisions. Definitions might differ; what constitutes a security event can vary.

7) Be certain it’s right for your needs. Cyber-insurance policies are not one-size-fits-all. A policy will only serve you well if it’s an appropriate fit.

6) Business interruption. Any business can benefit from BI coverage. Expect a waiting period prior to the coverage start date. Ask if the policy covers cyber attacks.

5) Contingent business interruption. This useful policy is designed to offload financial losses if a business partner is unable to transact due to a cyber incident.

4) Ensure you’re crystal clear about exactly what comes with the policy. Your existing insurance may cover some cyber attacks. Access to professionals is particularly important for small companies lacking adequate resources.

3) Know your responsibilities. Know who to notify after a breach, what steps to follow, and ready an incident response plan.

2) Retroactive cyber policy: What if you discover someone has been infiltrating your system for months prior? Does the policy cover? Know to follow all policy requirements such as technical controls, ransomware protection, documented cyber programs, compliance papers, user awareness training, etc. Otherwise, a policy could be voided.

1) Put together a smart team. Find an able cybersecurity partner to build your program. Work with cyber-knowledgeable people when filing the application to ensure success.