When it comes to cyber-related risks, businesses face twoenormous challenges. First, cyber risks are by their very natureever-evolving, posing a greater and greater risk that is difficultto stay abreast of, let alone contain. Second, when trying toinsure against the risk of loss from cyber threats, policyholdersare faced with an insurance marketplace that is in flux andfragmented.   

Below is our list of 10 Tips for Policyholders to consider inmaximizing the chance of an insurance recovery from cyber-relatedlosses.

1. Make sure your insurance matches the way you conductonline business and process data. For example, there areinsurance coverage implications if you use cloud computing or othercomputer vendors for hosting and processing data. Many of the cyberrisk insurance policies available today can be tailored to reflectthe fact that the policyholder may delegate to third-parties datamanagement and hosting. 
2. Do not rule out coverage for a claim under traditionalbusiness policies. If a cyber loss occurs considerD&O, E&O, crime and GL insurance coverage depending on theclaim against your company or the form of loss. We have had successin winning coverage for our clients for cyber-related losses undertraditional coverage that is not expressly sold for cyberlosses.
3. Avoid cyber insurance policy terms that conditioncoverage on the policyholder having employed "reasonable" datasecurity measures. These clauses are so vague andsubjective that they are bound to lead to coverage fights. Further,given the lightning speed of technological innovation and amorphousnature of cyber risks, a cyber security practice that wasreasonable just months ago may look reckless with the benefit ofhindsight and the passage of time.
4. If you possess or process consumer or business creditcard information, make sure that you have insurancecoverage for fraudulent card charges and credit card brandassessments and fines—these can be large exposures when there is asignificant data breach.
5. If you do business with individual consumers and obtaintheir personal identifying information, make sure you havecoverage (including attorney fees coverage) for theinevitable expenses of responding to informal inquiries and formalproceedings that ensue from state attorney generals, the FTC andothers when a breach occurs (often implicating residents of severalstates).
6. Make sure that your insurance covers breaches arisingfrom mobile devices that may or may not be connected to thecompany's computer network. More and more employees canaccess systems through tablets, smart phones, and PCs. Theever-growing size of hard drives and ubiquity of portable drivesmean that some employees may create security risks, even when thedevice is not logged onto the company servers.
7. Complete insurance applications carefully, includingD&O applications. Underwriters will be focusing moreand more on computer risk areas, and insurance applicationresponses often are used against policyholders to contest insuranceclaims.
8. Avoid cyber insurance policies with contractualliability exclusions. Contractual liability claims oftenare made in conjunction with statutory claims, negligence claimsand other forms of relief, and policyholders are best off notenduring a huge allocation fight over what portion of the claim iscovered in the eyes of the insurance company.
9. If you are buying or renewing specialty cyber insurancepolicies, make sure that you are working with a very good andexperienced broker. There is not presently uniformity ofproduct in the cyber insurance marketplace, and lots of terms areopen for negotiation. A good broker can help get you the bestcoverage.
10. Provide notice to your insurance companies quicklyafter a breach. Early in the process of responding to abreach, the meter will be running on costs. When you have a breachsituation, every second counts, and you undoubtedly will incurcosts quickly for computer forensics, attorneys and otherconsultants. Providing proper notices and advising of these costspromptly can increase the odds of recovering these costs from yourinsurance companies.