With data breaches becoming more extensive and expensive for companies to deal with, insurance carriers are increasing the availability of cyber insurance products and services. However, there is “little uniformity in language, definitions and terms of coverage” for the buyer, often leaving them confused and ill-prepared. To help increase knowledge of cyber coverage, Morris James LLP provides a list of considerations for purchasing cyber insurance:
- Not all policies are the same: Due to the lack of uniformity in cyber insurance policies, it is necessary to read them entirely and understand what certain policies do and don’t cover.
- Evaluate your risk: Before deciding on the appropriate cyber coverage to buy, one must first evaluate what the organization is currently doing to prevent cyberattacks and data breaches.
- What coverage or indemnities do you have from your vendors? Review your current contracts with your vendors. If they suffer a breach that affects you, will you be covered by their cyber-coverage?
- What are the policy’s sub-limits or deductibles and when are they applicable? While you might think you have adequate coverage, you may be at risk and responsible for “substantial deductibles or self-insured retentions before coverage kicks in.”
- Arbitration Clauses: Are there mandatory arbitration clauses regarding a dispute with the carrier? If so, where will arbitration be held and who is responsible for the costs?
- Does the policy cover first-party loss and third-party damage claims? It is crucial to evaluate your coverage and understand both first-party losses – your costs of responding to a data breach as well as third-party issues – “defense of claims, damages, regulatory responses and investigations, fines and penalties to others.”
- Where does cyber insurance fit in with other coverages? Understand how your cyber insurance “dovetails” with your other insurance policies such as D&O, E&O, and business interruption.
- Understand that cyber insurance likely does not cover everything: Cyber insurance can help protect against a data breach and reduce the costs of responding to one. However, there are some things a cyber policy often does not cover such as damages of reputation and a loss of customers.