Five things your cyber insurance may not cover
Cyber insurance should be an absolute essential for IT security professionals to consider.
Cyber insurance is a much-needed additional level of protection to complement existing security practices. It is a relatively new concept, having gained attention for around a decade. However, it is not yet uniform. A study found that only about one third of US companies currently have cyber insurance.
But, with nearly 19,000 records being lost or stolen every five minutes and numbers increasing, any technology-reliant company needs to invest in cyber insurance. A cyber insurance policy transfers the risk should you be the victim of an attack. It covers the costs of recovery and crisis management. This could include investigations, legal costs and fines, data recovery and repairing any damaged kit. In addition, with GDPR coming into force next month, it will become mandatory to notify the ICO and data subjects of any breach. This can be incredibly costly but a robust cyber insurance policy should cover it.
However, a cyber insurance policy may not cover all eventualities. There are some loopholes you will need to consider before signing up for a particular policy. It may be that your company does not require some potential added extras. Or, an essential requirement could easily be overlooked. Here’s our guide on what to consider when taking out cyber insurance.
A policy may not cover third-party service providers
Most companies will use third parties to look after aspects of their business practice. This is particularly the case when it comes to technology, hardware and cyber security. It is important to ensure you are covered when it comes to how third parties use, access and manage data. Even if a data breach is caused by a contractor, you could still be liable under GDPR.
A policy may rely on existing cyber security measures
It’s standard procedure to be asked about existing online security activity when taking out a cyber insurance policy. If you say you carry out regular data audits and train staff on the latest security developments, then make sure you actually do so. Failing to do so could leave your cyber insurance invalid in the event of an attack.
A policy may not cover all types of cyber attack
Just as travel insurance may not cover you in the event of a natural disaster, cyber insurance may have certain exclusions such as war, invasion or terrorism. If you think this is something your company may be vulnerable to, consider protection which covers you for these areas. This could mean a specialist policy or paying a higher premium.
Policies for patent, software and copyright infringement
You may find that some exclusions in your cyber insurance policy are covered in other types of business insurance. A loss, violation or abuse of copyright should be covered by intellectual property insurance. However, data attacks are not commonly covered by general liability insurance, so a specialist policy may be required too. Some cyber insurance policies will include an additional clause about this. Check the small print to see if they offer support for such issues.
A policy may not cover accidental data breaches
Lots of home content insurance policies are invalid if a burglar enters through an open window. Your cyber insurance policy may suffer a similar fate if someone within your company falls foul of phishing or does not consider online security. Some accidental attacks can also go unnoticed for a long period of time. But some policies may only cover attacks when reported within a certain time frame. Keep on top of regular cyber security basics to avoid an attack slipping under the radar.
The best way to ensure that your cyber insurance policy covers all that you need it to is to determine what type of incidents you are at risk of. Circulate this list amongst your teams, suppliers and partners. Then, contact a specialist broker to see what options are available.