Clearly the ongoing challenges of data breaches are continuing to cost businesses millions of dollars. The question is now not “if” but “when” a company will be attacked.
In fact, according to the Ponemon Third Annual Study on Data Breach Preparedness, only 35% of organizations had a data breach or Cyber insurance policy in 2015, and many more are now looking to buy policies.
In order to secure the best coverage option, companies must work with their brokers to evaluate policies, as well as take steps to assess their cyber risks and reduce the overall cost of insurance.
Here are three tips exerpted from an article in PropertyCasualty360 with great tips for risk managers to keep in mind when working with brokers to select a Cyber insurance policy:
Work with your broker
Companies need to properly evaluate policies to ensure they are getting coverage that meets their risk profile.
In speaking with companies and Cyber insurance brokers who have been through the process of buying coverage, these are the key aspects to look for in a policy:
- Coverage for crisis response services including forensics, legal and data breach resolution partners that are well established and are experts in the industry.
- Coverage for third-party cloud or other IT providers who have access to sensitive information of the covered company.
- Risk management services ahead of an incident that can help the company more effectively prepare for managing security or privacy incidents.
Overall, be sure to obtain a top quality broker that understands the coverage landscape and can help you navigate through the range of options presented based on an understanding of your company and your industry.
Ask smart questions
The early insurers in the Cyber insurance market have been around for more than 10 years, but because of the high-profile retail and healthcare breaches over the past 18 months, we have seen an uptick in new players in the market. Because of the increase in providers, companies should be sure to ask questions when deciding between policies to ensure that they’re selecting coverage best suited for their needs. Questions your broker should ask insurers include:
- What is the breadth of coverage and what exemptions are in the policy? Do they demonstrate a clear understanding of the real risks this company faces from security threats?
- How much loss experience does the insurer have in this area? Has the insurer paid actual data breach claims and covered other previous, major incidents?
- Does the insurer have specific policies that account for the risks or needs of your organization’s industry?
Many older generations of Cyber policies contained exclusions that would make that coverage noncompetitive in today’s marketplace. It’s important to cover all the aspects of a response, both pre- and post-breach, and dig into what’s really included and excluded in a potential future loss.
Ultimately, companies will benefit greatly from cyber insurance if they are informed about their security risks, educated on the variety of policies available and aware of the coverage they need. Just remember, it is your responsibility to be an educated buyer. Following these three tips when working with your broker can help ensure you get a policy that fits your organization.
Dean and Draper
We welcome your questions about cyber insurance and the changes in coverage.
The recommendation(s), advice and contents of this material are provided for informational purposes only and do not purport to address every possible legal obligation, hazard, code violation, loss potential or exception to good practice. Dean & Draper Insurance Agency specifically disclaims any warranty or representation that acceptance of any recommendations or advice contained herein will make any premises, property or operation safe or in compliance with any law or regulation. Under no circumstances should this material or your acceptance of any recommendations or advice contained herein be construed as establishing the existence or availability of any insurance coverage with Dean & Draper Insurance Agency. By providing this information to you, Dean & Draper Insurance Agency does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.
©2016 Dean & Draper Insurance Agency All Rights Reserved.
Sources:
To read the full article, click here. PropertyCasualty360
Mark Greisiger is president of Gladwyne, Pa.-based cyber risk assessment and data breach services company NetDiligence. Contact him at mark.greisiger@netdiligence.com.
Michael Bruemmer, CHC, CIPP/US, is vice president of Dublin-based Experian’s Data Breach Resolution group. Contact him at michael.bruemmer@experian.com. PropertyCaluaoty360