Cyber Insurance: 5 Tips for Purchasing the Right Coverage

Cyber insurance helps protect businesses against financial damage associated with data breaches, malware, ransomware and other cyberattacks. As such, many IT security professionals are purchasing cyber insurance policies to help protect their organizations against financial losses related to rapidly evolving cyber threats.

Although cyber insurance is quickly becoming a must-have for many businesses, it is important to note that not all cyber coverage is created equal. And if IT security professionals fail to purchase the right cyber coverage, they may put their respective organizations in danger.

Fortunately, there are many quick, easy ways to ensure a cyber insurance policy matches the needs of any business, at any time.

International law firm Covington & Burling LLP recently provided The National Law Review with the following recommendations to help IT security professionals purchase the right cyber insurance coverage. Here's a summary:

  1. Push your limits. Cyber insurance limits are available up to $500 million, and it generally is a good idea to purchase cyber insurance with the highest limits available to ensure maximum financial protection against cyberattacks.
  2. Understand your sublimits. Cyber insurance policies may put a cap on certain types of losses; for example, a cyber insurance company may sublimit coverage for regulatory and Payment Card Industry (PCI) expenses related to a payment card breach. However, IT security professionals who review a cyber insurance policy and its endorsements closely can negotiate as few sublimits as possible.
  3. Negotiate the retroactive date. In many instances, a cyber insurance policy will exclude losses related to cyberattacks that occurred before a specified "retroactive date," regardless of when these losses are discovered. IT security professionals should negotiate the earliest retroactive date possible for a cyber insurance policy; sometimes, these professionals can negotiate a retroactive date up to one year earlier.
  4. Get legal support during the application process. Even a single mistake on a cyber insurance policy application may cause an organization to miss out on cyber coverage down the line. IT security professionals should work with an organization's legal department to ensure successful completion of the application process.
  5. Deploy internal risk management procedures. With internal risk management procedures in place, IT security professionals can effectively review a cyber insurance policy. Also, these professionals can keep track of a policy's renewal date and identify any necessary coverage changes.

Ultimately, IT security professionals are responsible for knowing exactly what they are buying before they purchase cyber insurance, Covington & Burling indicated. If IT security professionals conduct a comprehensive review of all of the cyber insurance options at their disposal, they may be better equipped than ever before to make an informed purchase decision.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.