Cyber insurance is the fastest growing insurance product today, it's development spurred on by several large data breaches covered in the news the past year and a half. As with any new product/service, there is a lot of variation and evolution in the coverage; here is what you need to know:
1). As a name, cyber insurance is poorly descriptive:
most "cyber" insurance policies respond to breaches of confidentiality even if they have nothing to do with electronic data - for example, a box of misplaced (paper) medical records. While data breaches have brought cyber insurance into the limelight, confidentiality is not the only exposure the policies respond to; most insurers provide options to buy coverage which also responds to availability, including business interruption, the loss of valuable data, and even extortion or your computer system. Talk to your broker/agent or the insurer themselves about which coverages are right for your business, and make sure the coverage addresses your business' concerns.
2). Cyber insurance is not a replacement for an information security program.
Purchasing coverage can be prohibitively expensive without basic risk management in place, but becomes very cost effective as further technical controls become more expensive and offer less risk reduction. Most insurers will tell you how they see your risk, and what mitigating practices they are looking for. As well, a few carriers offer not only the risk transfer inherent in the insurance, but also "loss prevention services" which they offer their insureds to improve their risk profile.
3). Coverage particulars vary from carrier to carrier.
As the policies adapt to address evolving technology and risk. While the first cyber policies appeared over 15 years ago, coverage considered vital by many today wasn't even available as little as three years ago. It's important to work with an agent/broker who has experience placing the policies to make sure the coverage fits your risk appetite and needs. Just like companies' risk appetites vary, not all cyber insurers see the same exposure - say, hospitals - the same way; work with your agent/broker and/or the insurers themselves to see how long the carriers behind the proposals you receive have been writing risks like yours, and how they view the risk landscape in your industry. The cheapest policy is not always the right one: coverage is a big differentiator due to the variations in the form, and it's important that the insurer is committed to your industry.
is proud both to have been one of the first insurance carriers to offer cyber insurance policies, and to continue to support the market as a leading cyber insurer. Talk to you agent/broker about the coverage enhancements we offer to address technology's newest exposures, and our suite of loss prevention services to help clients manage their information security risk.
Author: Tracie Grella, AIG Head of Professional Liability and Cyber Risk
Want to learn more? Watch this webinar on-demand