Interest in Cyber coverage is growing as businesses recognize themyriad risks that threaten their data security. More companies areshopping for policies to protect their interests, but finding theright carrier and the right product shouldn't be left tochance.

|

There are four common mistakes many insureds make when lookingfor a Cyber claims provider:

|

Mistake No. 1: Choosing the wrong policy.

|

There is more variation in the Cyber coverage marketplace everyday, with carriers offering policies targeted at businesses in ahost of sectors and at every risk level.

|

Because no policy is one-size-fits-all, business leaders need tounderstand their organization and find the policy that is mostappropriate for their situation. An experienced agent can askclients relevant questions to determine their risk profile:

• What sort of risks does the company face today, and how arethose risks expected to evolve as the business grows?
• What is the nature of the digital assets managed by theorganization?
• Who will have access to those assets? Consider sourcesinternally and externally, such as vendors.
• Has the business taken the right steps to protect its networkfrom intrusion and its data from theft or loss?
• In the event of a breach, whether as a result of a deliberatehack or an inadvertent exposure, what are the realistic impacts onthe business?

The Cyber coverage realm is one that very few businesses cansuccessfully navigate alone. Because of the wide variety ofproducts on the market, understanding each company's needs andfinding the best policy typically requires a knowledgeableagent.

|

|

|

(Image: Thinkstock)

|

Mistake No. 2: Not knowing the details of thepolicy.

|

Even after shopping around for the right carrier and selectingthe policy that best matches the organization's requirements, it'simperative that business owners and operators review and understandnot only their new policy's coverages, but also any applicableexclusions.

|

If a company makes incorrect assumptions about what its policywill and won't cover, it could be devastating financially.

|

Are legal fees included in the event a data breach victimdecides to sue? Will expenses be covered for outside IT or othertechnical resources if the network is compromised? If data isn'tprotected by encryption, will the policy exclude it?

|

Related: Cyber risk survey finds majority of businesseswhere hacked in 2014

|

An experienced agent will be able to help identify additionalcoverages that may help mitigate specific risks and offer optionsto close any gaps created by exclusions in the policy. This mightbe accomplished through complementary policies targeted at specificrisk areas or through bolstering the business's existing securitymeasures.

|

|

|

(Photo: Thinkstock)

|

Mistake No. 3: Buying a policy with the wronglimits.

|

A business that chooses a policy with limits that are either farabove or below its specific needs will not be well served by thatpolicy. That's why carriers typically offer several flavors ofCyber coverage with different limits designed to suit therequirements of companies of different sizes, in different sectorsand with different risk profiles.

|

Because there are so many options, each policy's limits shouldbe tailored to the risks the organization faces and its anticipatedneeds should an exposure occur. Budget limitations must also betaken into account, as well as the organization's ability toshoulder the financial burdens that commonly follow a breach.

|

A low-limit policy could leave a higher-risk company withsignificant financial obligations, particularly if a breach islarge.

|

For example, the costs related to the exposure experienced byretailer Target, a business that processes huge volumes of creditcard and other consumer data—which is highly sought by hackers,have reached an estimated $191 million. Only a fraction ofthat is covered by insurance.

|

Because every company's risks are different, a generic policymay leave a business seriously exposed if a security event occurs.A knowledgeable agent will be able to advise a customer if theproposed policy limits are right for the organization'ssituation.

|

|

 

|

(Photo: Thinkstock)

|

Mistake No. 4: Not paying attention to theapplication.

|

Too often, insurance is seen as an obligation of doing businessrather than as a vital tool in addressing potential risks. Businessoperators may be busy, but they should review any Cyber policyapplication closely and answer the questions truthfully.

|

The more information the organization is able to provide and themore detailed its responses, the more likely it will be matched toa policy that's just right. Depending on the business and its riskprofile, this may include submitting information about existingnetwork security measures, employee-training protocols and theorganization's incident response plan.

|

Related: Zurich released 5th annual Advisen cyber risksurvey

|

The potential fallout from giving the application short shriftcan be significant. A policyholder may be vulnerable tounanticipated financial burdens if a breach happens. If an answeris found to be inaccurate in an application, it may even lead to apolicy being rescinded. Agents must work with clients to produce anapplication that is thorough and accurate, so the carrier canevaluate it properly.

|

Joe Salpietro is a Cyber claims manager for IDT911.

How can you transform your risk managementpreparedness and response strategy into a competitiveadvantage? Introducing ALM's cyberSecure — Atwo-day event designed to provide the insights and connectionsnecessary to implement a preparedness and response strategy thatchanges the conversation from financial risk to competitiveadvantage.  Learnmore about how this inaugural event can help youreduce risk and add business value.