Top 5 Cyber Insurance Tips

Top 5 Cyber Insurance Tips

Cyber insurance is confusing and becoming more difficult to secure. Insurance companies are gathering loss experience and adjusting underwriting and pricing accordingly. A cyber-attack is one of the most debilitating events that can occur to your business. It can cause anywhere from an inconvenience to a complete shutdown of your operations. A cyber incident can cause real monetary loss along with taking an exorbitant amount of your extremely valuable time. Cyber policies come with a team of experts to guide you through an event as well as resources to help you prevent an event from happening. Before you buy, please read these five helpful tips:


Expect the application to be detailed and use it as an assessment of your cyber practices. While insurance helps mitigate the business interruption and expense of a cyber-attack or data breach, it is best to do everything you can to avoid an incident. The application questions are based on each insurance company’s overall loss experience and updated continuously as cyber trends change. If you don’t understand a question, ask. Most of you will need help completing the application. The practices you employ will affect the availability and pricing of your insurance policy.

Some companies will issue a policy based on a review of your website and your annual revenues. Be wary of this. The policies may have exclusions, sub limits, etc. In most cases, the premium will be higher. A detailed renewal application may be needed, and renewal terms may change significantly.

Most importantly, a claim can be denied if the company discovers a question was answered incorrectly on the application.


Seriously? Yes, seriously. Cyber policies are not standard, and you need to understand what you are buying. It’s not just about the premium. What triggers a claim? Are expenses paid “on your behalf” or are you reimbursed after expenses are paid? Is social engineering covered? If yes, what is the limit? Are there conditions precedent to covering a claim? For example, some policies require you to place a call to verify a funds transfer before you transfer the funds. If you don’t call? No coverage. Does the quote include both First Party coverage (for expenses you incur as a result of an incident) and Third-Party coverage (for damages incurred by third parties as a result of the breach)? Are defense costs inside or outside of the limits of the policy?


The policies also come with benefits. Many include training materials and resources for you to develop a culture of cyber awareness. Depending on the source, human error causes 80-90% of cyber incidents. If humans are not constantly reminded of the exposure, your chances of experiencing an attack are much higher. Many offer a cybersecurity assessment.


The terminology matters and it changes from insurance company to insurance company. Ask for a claim’s scenario for each coverage part. Think about your exposure to loss and understand how each coverage would (or would not) respond.


Small businesses are the most vulnerable to an attack. Cyber criminals know this. Many claims are coming from businesses with 50 or less employees. If you connect to the internet, you are vulnerable. Don’t wait!

To download a PDF version of this blog, please click here:

Click here for PDF