Cyber crime and data breaches are more of a threat than ever before, and when it comes to cyber-related risks, business face two challenges. First, cyber risks are ever-evolving. What you thought was once a smart cyber policy is now outdated. Second, when trying to insure against the risk of cyber loss, policyholders are faced with a fragmented insurance marketplace.
In honor of Cyber Security Awareness Month, Anderson Kill, a law firm specializing in insurance recovery and captive insurance services, provides 10 tips for policyholders to maximize their chances of an insurance recovery from cyber-related losses. The 10 tips also are available as an infographic.
1. Cover all of your bases
Make sure your insuranace matches the way you conduct online business and process data. For example, there are insurance coverage implications if you use cloud computing or other computer vendors for hosting and processing data, Anderson Kill suggests.
Many cyber risk insurance policies can be tailored to reflect that the policyholder may delegate data management and hosting to third parties.
Next page: Cyber Loss, traditional claims
2. Cyber Loss, traditional claims
Do not rule out coverage for a claim under traditional business policies. If a cyber loss occurs, consider E&O, E&O, crime and general liability insurance coverage depending on the claim againg your company or the form of loss.
"We have had success in winning coverage for our clients for cyber-related losses under traditional coverage that is not expressly sold for cyber losses," Anderson Kill writes.
Next page: Watch out for vague and subjective clauses
3. Watch out for vague and subjective clauses
Avoid cyber insurance policy terms that condition coverage on the policyholder having employed "reasonable" data security measures. These clauses are so vague and subjective that they are bound to lead to coverage fights, Anderson Kill says.
Further, hindsight is 20/20. Given that technological innovations move at lightning speed and cyber risk's changing natures, a cyber practive that was reasonable two months ago may now look reckless.
Next page: Careful with credit cards
4. Careful with credit cards
If you possess or process consumer or business credit card information, make sure that you have insurance coverage for fraudulent card charges and credit card brand assessments and fines–they can be large exposures when there is a significant data breach. Don't believe us? Read PC360′s list of "Top 10 data breaches in the last 12 months" and check how many of them involved credit cards.
Next page: Protect personal ID
5. Protect personal ID
If you do business with individual consumers and obtain their personal identifying information, ensure that you have coverage (including attorney fees coverage) for the inevitable expenses of responding to informational inquiries and formal proceedings that ensue from state attorneys general, the Federal Trade Commission and others when a breach occurs, which often involves residents of several states.
Next page: Keep an eye on mobile devices
6. Keep an eye on mobile devices
More and more employees can access company software and systems through tablets, smartphones and PCs. Ensure that your cyber insurance covers breaches arising from mobile devices, and with the popularity of BYOD, these devices may or may not be connected to the company's computer networks. The ever-growing size of hard drives and the availability of portable drives mean that some employees may create security risks, even when the devices is not logged onto the company servers.
Next page: Be thorough with applications
7. Be thorough with applications
Complete insurance applications carefully, including D&O applications. Underwriters will focus more on computer risk areas, and insurance application responses often are used again policyholders to contest insurance claims.
Next page: Avoid exclusions
8. Avoid exclusions
Avoid policies with contractual liability exclusions. These claims often are made in conjunction with statutory claims, negligence claims adn other forms of relief, and policyholders are best off not enduring a huge allocation fight over what portion of the claim is covered in the eyes of the insurance company, Anderson Kill writes.
Next page: Choose your broker wisely
9. Choose your broker wisely
If you are buying or renewing specialty cyber insurance policies, ensure that you are workign with an experienced broker. At present, there is not "uniformity of product in the cyber insurance marketplace, and terms are open for negotiation," the firm says.
Next page: Provide notice quickly
10. Provide notice quickly
Immediately after becoming aware of a breach, provide notice to your broker and insurers. Early in the process of responding to a breach, the meter will be running on costs. When you have a breach situation, every second counts and you will incur costs quickly for the services of computer forensics, attorneys and other consults. Providing proper notices and advising of these costs can increase the odds of recovering these losses from your insurers.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.