Roberta D. Anderson, a partner at K&L Gates LLP in Pittsburgh, recently said that there are roughly 40 to 50 insurers currently offering multiple cyber products – all of which are different. According to Anderson, “just a few words can make all the difference,” in whether or not a policyholder has great coverage or not.
Some industries have been hit hard by cyber attacks, like point-of-sale retailers, who have seen retention’s and premiums increasing by about 100%. Others are “relatively unaffected, and coverage is getting broader,” said Anderson. She also stressed that policies should be extended to cover paper records and rogue employees who help facilitate data breaches.
Anderson also pointed out the importance of sublimits, “because a $10 million primary policy is likely to have a $2 million or $5 million sublimit for regulatory actions, and policyholders want to make sure there is coverage available for fines and penalties to the extent permissible by law.”
She recommended that companies use National Institute of Standards and Technology’s cyber framework, which she argued “is a really good vehicle for companies to get a good handle on the current state of cyber risk management,” and may soon “become a de facto standard for risk management.”