Cyber Insurance is a quickly changing market. Because this a dynamic market, not all agents stay current in the product offerings. It is important to work with an agent who has training in cyber insurance! Below is a checklist of some key factors to consider when purchasing a Cyber Insurance Policy.
Examples
To help understand possible coverage issues, consider these examples:
Wire Fraud: Will you have coverage if an email is intercepted and you wire funds to a criminal, vs. your vendor? This does not represent theft, the fact that you authorized the wire to a criminal is an authorized act. In the last blog I mentioned definitions, it is important to understand terms such as theft, phishing, etc.
Work from Home: Many companies have rushed into work from home modes. A few concerns are, do you have coverage for employees using personal devices to connect to the company network? The conditions section of a policy typically requires all systems to run currently supported operating systems, be properly patched, and current malware solutions installed. If your employees are working from home, and have been for a few months now, are you sure the systems still meet the required conditions of the insurance policy you signed?
Your Company
Does your policy cover damage done by employee owned equipment connected to your network or systems used in your work from home program?
What are the requirements to be eligible for coverage? What organizational measures must you have in place to qualify for the policy? Examples: Security Awareness Training, Incident Response Plan, or an Information Security Policy.
What requirements must be followed for a claim to be covered? Examples: Time frame to report an incident, customers must be notified of an incident, or insurer must be involved in ransomware negotiations.
What parts of the business does the cyber insurance policy cover? Do subsidiaries or branches need to be named specifically in the policy?
What are the parameters around workstations? Does the policy refuse to cover workstations that are not patched and updated?
Cyber Insurance Policy
Is the cyber insurance policy separate from other insurance you already have? Cyber insurance dependent on a current policy could limit coverage.
Is there a waiting period for policy to take effect after contract is signed?
What types of data breaches are covered under the policy? Are there parameters around how the data was stolen for the policy to cover loss?
If a ransom is paid, will the policy reimburse the payment? Are there limits or parameters on ransom payment?
What is covered in a Phishing attack? Some policies have specific language around social engineering attacks, what is covered, and financial limits to these types of attacks.
Does the policy cover…
- Security breaches within your organization?
- Other companies you work with who process your data? Could be suppliers or vendors.
- Data loss due to employee misconduct?
- Acts of terrorism, acts of nation states, or purely international incidents?
- Data loss due to malware?
- Defacement of public facing website?
- Damages to a third party if your systems are taken over and used to hack other companies or individuals?
- Loss of earnings due to data, systems, or website being inaccessible?
- Any incident that exposes information, be that confidential or protected?
- Only data that is encrypted, or all data?
- Fines, sanctions, and penalties incurred by a regulatory agency?
- Expenses associated with legal or forensic work done after an incident?
- Cost of litigation, legal defense, and/ or cost associated with regulatory inquiries?
- Costs associated with affected customers? These could be customer notification, payment to affected individuals, and/ or coverage for settlements, damages, and judgements.
Insurance Company
Is the insurance provider accessible via phone 24/7/365?
Are there parameters in place that would increase insurance premium?
Quanexus IT Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.