Interest in Cyber coverage continues to grow as businesses get a more solid handle on the myriad risks to their information security. More companies are shopping for policies to help protect their interests, but finding the right carrier and the right product shouldn't be left to chance.
Few businesses can successfully navigate the Cyber coverage realm. Because of the wide variety of products on the market, understanding each company's needs and finding the best policy requires a knowledgeable agent who can aid in identifying risk areas that the business owner may have overlooked and helping to put realistic security measures in place.
There are four common mistakes many insureds make when purchasing a Cyber policy. Fortunately, by knowing the pitfalls, savvy agents and brokers can help businesses avoid making the wrong choices. With all the necessary information in hand, the agent will be able to connect clients with coverage that is perfectly in tune with their needs.
Misstep 1: Selecting the wrong policy terms.
Carriers offer policies targeted at businesses in a host of sectors and at every risk level. Because no policy is a one-size-fits-all solution, business leaders need to fully understand what data their companies collect and store, and find the coverage that is most appropriate. An experienced agent can ask clients the right questions to determine their risk profiles, including:
-
What sort of risks does the company face today, and how do executives expect those risks to evolve as their business grows?
-
What is the nature of the digital assets managed by the organization, and where are those assets stored?
-
Who has and will have access to those assets? Consider sources internally and externally, such as vendors.
-
Has the business taken advanced steps to protect its network from intrusion and its data from theft or loss?
-
In the event of a breach, whether as a result of a deliberate hack or an inadvertent exposure, what are the potential impacts to the organization and its business?
Misstep 2: Not knowing the details of their policies.
Even after shopping around for the right carrier and crafting the best coverage solution for the company, it's imperative that business owners and operators review and understand not only what's covered, but also any applicable exclusions. If a company makes incorrect assumptions about what its policy will and won't cover, it could be financially devastating.
For example, check coverage to know if legal fees are included in the event of a lawsuit filed by a data breach victim. Will expenses be covered for outside IT or other technical resources if the network is compromised? If data isn't protected by encryption, will the policy exclude it?
Fortunately, businesses don't need a legal team to decipher the details of their Cyber coverage. Instead, as their agent or broker, you can review their existing policies in their entirety and provide guidance as to what is covered and what may not be, and why.
An experienced agent will be able to identify additional coverages that may mitigate specific risks, while also offering options to close any gaps created by exclusions. This can be accomplished through complementary policies targeted at specific risk areas or by bolstering the business' existing security measures.
Misstep 3: Purchasing a policy with inadequate limits.
A business that chooses a policy with limits that are either far above or below its specific needs will not be well served by that policy. That's why carriers typically offer different limits designed to suit the requirements of various-sized businesses, in different sectors and with different risk profiles. Consider budget limitations, in addition to the organization's ability to shoulder the financial burdens that commonly follow a breach.
A low-limit policy could leave a higher-risk company with significant financial obligations, particularly in the event of a large-scale breach. For example, retailer Target, which processes huge volumes of credit card and other consumer data, sustained an estimated $191 million in exposure costs after its breach.
Because every company's risks are different, a generic policy may leave a business seriously exposed if a security event occurs. As an agent or broker, you can advise customers if the proposed policy limits are right for their situation and point them toward an option best suited for them.
Misstep 4: paying too little attention to the application.
Too often, insurance is seen as an obligation of doing business rather than as a vital tool in addressing potential risks. Business operators may be busy, but agents should ensure that they review any Cyber policy application closely and answer the questions truthfully. The more information the organization provides and the more detailed its responses, the more likely it will be matched to the correct coverage solutions. Depending on the business and its risk profile, this may include submitting information about existing network security measures, employee training protocols and the organization's incident-response plan.
The potential fallout from giving the application short shrift can be significant. Policyholders may find they are vulnerable to unanticipated financial burdens if they suffer a breach. If an answer is found inaccurate in an application, it may even lead to a policy being rescinded. Agents must work with clients to produce an application that is thorough and accurate, so the carrier may evaluate it properly.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.