Five things your cyber insurance may not cover

 In Cyber Security Articles

Cyber insurance should be an absolute essential for IT security professionals to consider.

Cyber insurance is a much-needed additional level of protection to complement existing security practices. It is a relatively new concept, with it gaining attention for around a decade. However, it is not yet uniform. A study found that only about one third of US companies currently have cyber insurance.

But, with nearly 19,000 records being lost or stolen every five minutes and numbers increasing, any technology-reliant company needs to invest in cyber insurance. A cyber insurance policy transfers the risk should you be the victim of an attack. It covers the costs of recovery and crisis management. This could include investigations, legal costs and fines, data recovery and repairing any damaged kit. In addition, with GDPR coming into force next month, it will become mandatory to notify the ICO and data subjects of any breach. This can be incredibly costly but a robust cyber insurance policy should cover it.

However, a cyber insurance policy may not cover all eventualities. There are some loopholes you will need to consider before signing up for a particular policy. It may be that your company does not require some potential added extras. Or, an essential requirement could could easily be overlooked. Here’s our guide on what to consider when taking out cyber insurance.

A policy may not cover third-party service providers

Most companies will use third-parties to look after aspects of their business practice. This is particularly the case when it comes to technology, hardware and cyber security. It is important to ensure you are covered when it comes to how third parties use, access and manage data. Even if a data breach is the result of a contractor, you could still be liable under GDPR.

A policy may rely on existing cyber security measures

It’s standard procedure to be asked about existing online security activity when taking out a cyber insurance policy. If you say you carry out regular data audits and train staff on latest security developments, then make sure you actually do so. Failing to do so could leave your cyber insurance invalid in the event of an attack.

A policy may not cover all types of cyber attack

Just like travel insurance may not cover you in the event of a natural disaster, cyber insurance may have certain exclusions such as war, invasion or terrorism. If you think this is something your company may be vulnerable to, consider protection which covers you for these areas. This could mean a specialist policy or paying a higher premium.

Policies for patent, software and copyright infringement

You may find that some exclusions in your cyber insurance policy are covered in other types of business insurance. A loss, violation or abuse of copyright should be covered by intellectual property insurance. However, data attacks are not commonly covered by general liability insurance so a specialist policy may be required too. Some cyber insurance policies will include an additional clause about this. Check the small print to see if they offer support for such issues.

A policy may not cover accidental data breaches

Lots of home content insurance policies are invalid if a burglar enters through an open window. Your cyber insurance policy may suffer a similar fate if someone within your company falls foul to phishing or does not consider online security. Some accidental attacks can also go unnoticed for a long period of time. But, some policies may only cover attacks when reported within a certain time frame. Keep on top of regular cyber security basics to avoid an attack slipping under the radar.

The best way to ensure that your cyber insurance policy covers all that you need it to is to determine what type of incidents you are at risk of. Circulate this list amongst your teams, suppliers and partners. Then, contact a specialist broker to see what options are available.

Contact the experts here at Link IT to find out how to get the right cyber insurance policy for you and your business.

Start typing and press Enter to search

The Facebook data scandal has been dominating the headlines. News broke last month that the social media giant harvested personal information about up to 87 million of its users without permission. Click to find out more on our blog.Companies need to consider both GDPR and cyber security and how they can work together for them on a practical level. Click to find out more information on our blog.