6 Best Practices to Ensure Success When Purchasing Cyber Insurance

Published: July 13, 2016 by Michael Bruemmer

BYOD - Bring Your Own Device
Hopefully, by now you’re convinced of the value of cyber insurance. In case you’re not, here’s a brief recap of the advantages of having a cyber insurance policy in place prior to a data breach:

  • Reduce the per-record cost of a data breach by $4.40, according to Ponemon Institute’s 2015 Cost of a Data Breach report.
  • Curb the risks of reputational damages resulting from a data breach.
  • Minimize potential business interruption.
  • Allow for a faster, more effective data breach response and notification to affected customers.

Although 30 percent of businesses still do not have cyber insurance, interest in this type of data breach protection is growing, a study by Hartford Steam Boiler Inspection and Insurance Co. indicates. The Insurance Journal reports an HSB poll found 50 percent of American businesses have bought cyber insurance for the first time or increased their level of coverage in the past year. Among those that still don’t have it, the majority (44 percent) cited perceived complexity as the top reason they hadn’t yet made the purchase.

Clearing up confusion with best practices

Insurance can be confusing, and cyber insurance doubly so. Business that go in search of cyber insurance must often navigate a confounding array of choices, including policy types, terms, conditions, prices and exclusions. In order to help shelter your company from the worst detriments of a data breach, Experian Data Breach Resolution offers these six best practices for buying cyber insurance:

  • Involve your cybersecurity team in the evaluation and purchasing process. These professionals know best the risks your company faces and can advise on the type of incidents that should be covered in your cyber insurance policy.
  • Establish strong cyber security measures so that you’re negotiating with insurers from an established position of strength. Just as drivers with a clean driving record are more appealing to auto insurers and often qualify for the best rates, companies that have a strong cyber security position will be more attractive to cyber insurance underwriters.
  • Work with a knowledgeable broker to evaluate differences in policies, coverages, exclusions and prices. A broker can help you understand if a policy will truly cover the risks your cyber security team has identified as most pressing.
  • Pay close attention to deductibles and exclusions. Headline-grabbing mega breaches may be increasing in frequency, but the majority of breaches still remain small. Before buying a policy, it’s important to understand your risk of experiencing a small breach, and if the proposed deductible will effectively exclude coverage for a smaller breach.
  • Ensure the policy includes coverage for vendors. Use of third-party cloud services and other technology providers is common. Will the policy cover incidents that involve an outside vendor?
  • Focus on coverage for data breach response services. Data breach response is costly. Your policy should cover vital response services, and clearly stipulate whether you’ll have to use response providers chosen by the insurer or if you’ll be able to choose your own.

Buying cyber insurance is a critical component of any company’s data breach response preparedness. These best practices can help ensure your company’s cyber insurance policy will provide the protection you need when a data breach or other serious cyber incident occurs.

Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.