Interest in Cyber coverage is growing as businesses recognize the myriad risks that threaten their data security. More companies are shopping for policies to protect their interests, but finding the right carrier and the right product shouldn’t be left to chance.
There are four common mistakes many insureds make when looking for a Cyber claims provider:
Mistake No. 1: Choosing the wrong policy.
There is more variation in the Cyber coverage marketplace every day, with carriers offering policies targeted at businesses in a host of sectors and at every risk level.
Because no policy is one-size-fits-all, business leaders need to understand their organization and find the policy that is most appropriate for their situation. An experienced agent can ask clients relevant questions to determine their risk profile:
- What sort of risks does the company face today, and how are those risks expected to evolve as the business grows?
- What is the nature of the digital assets managed by the organization?
- Who will have access to those assets? Consider sources internally and externally, such as vendors.
- Has the business taken the right steps to protect its network from intrusion and its data from theft or loss?
- In the event of a breach, whether as a result of a deliberate hack or an inadvertent exposure, what are the realistic impacts on the business?
The Cyber coverage realm is one that very few businesses can successfully navigate alone. Because of the wide variety of products on the market, understanding each company’s needs and finding the best policy typically requires a knowledgeable agent.
Mistake No. 2: Not knowing the details of the policy.
Even after shopping around for the right carrier and selecting the policy that best matches the organization’s requirements, it’s imperative that business owners and operators review and understand not only their new policy’s coverages, but also any applicable exclusions.
If a company makes incorrect assumptions about what its policy will and won’t cover, it could be devastating financially.
Are legal fees included in the event a data breach victim decides to sue? Will expenses be covered for outside IT or other technical resources if the network is compromised? If data isn’t protected by encryption, will the policy exclude it?
An experienced agent will be able to help identify additional coverages that may help mitigate specific risks and offer options to close any gaps created by exclusions in the policy. This might be accomplished through complementary policies targeted at specific risk areas or through bolstering the business’s existing security measures.
Mistake No. 3: Buying a policy with the wrong limits.
A business that chooses a policy with limits that are either far above or below its specific needs will not be well served by that policy. That’s why carriers typically offer several flavors of Cyber coverage with different limits designed to suit the requirements of companies of different sizes, in different sectors and with different risk profiles.
Because there are so many options, each policy’s limits should be tailored to the risks the organization faces and its anticipated needs should an exposure occur. Budget limitations must also be taken into account, as well as the organization’s ability to shoulder the financial burdens that commonly follow a breach.
A low-limit policy could leave a higher-risk company with significant financial obligations, particularly if a breach is large.
For example, the costs related to the exposure experienced by retailer Target, a business that processes huge volumes of credit card and other consumer data—which is highly sought by hackers, have reached an estimated $191 million. Only a fraction of that is covered by insurance.
Because every company’s risks are different, a generic policy may leave a business seriously exposed if a security event occurs. A knowledgeable agent will be able to advise a customer if the proposed policy limits are right for the organization’s situation.
Mistake No. 4: Not paying attention to the application.
Too often, insurance is seen as an obligation of doing business rather than as a vital tool in addressing potential risks. Business operators may be busy, but they should review any Cyber policy application closely and answer the questions truthfully.
The more information the organization is able to provide and the more detailed its responses, the more likely it will be matched to a policy that’s just right. Depending on the business and its risk profile, this may include submitting information about existing network security measures, employee-training protocols and the organization’s incident response plan.
The potential fallout from giving the application short shrift can be significant. A policyholder may be vulnerable to unanticipated financial burdens if a breach happens. If an answer is found to be inaccurate in an application, it may even lead to a policy being rescinded. Agents must work with clients to produce an application that is thorough and accurate, so the carrier can evaluate it properly.
Joe Salpietro is a Cyber claims manager for IDT911.