Getting The Right Cover For Cyber-Risks
Insurance is the final stage of a corporate digital risk management strategy.
Insurance is an essential element for business survival for every type of company. Whatever you do, people will always find ways of getting around any security that you implement, if they want to, and cyber-security is no exception.
Some companies are still unaware that their existing insurance cover probably does not protect them against their new risks. New legal liabilities and the unprecedented emergence of new vulnerabilities mean that digital risks are now specifically excluded from standard commercial general liability policies.
The only way any business can operate prudently is to ensure that this insurance is in place.
Those companies that do not mitigate their risks will quickly find that they will not be able to get digital risk cover. That being said, a business can learn a lot about security best practices from observing the risk mitigation that an insurer requires in order to provide coverage, regardless of whether they ultimately decide to purchase a policy.
Factors to take into consideration when deciding what insurance to buy and the limits required include:
Turnover and number of employees.
Size of largest contract (where appropriate).
What types of insurance you must legally buy.
Loss scenarios highlighted by the results of your risk assessment and mapping out potential vulnerabilities.
Results of your cost/benefits analysis, e.g. cost of downtime; size of potential liability claims; cost to reconstitute lost of damaged data; cost of additional risk management above and beyond what is required by an insurance policy.
Potential cost of defending and investigating a claim against you.
Views of professional organizations you have consulted.
Insurance limits purchased by peers.
Recommendations of insurance advisors.
Policy terms and conditions.
How much of an excess you are willing to apply to your policy.
Companies should review existing insurance provisions in conjunction with their corporate insurance advisors. They should also identify which type of coverage is a) required by law b) sensible to have in place.
Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, June 17, 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.