Cyber Insurance Checklist: What You Should Keep in Mind When Buying Cyber Insurance

Buying cyber insurance for the first time can be daunting. Not only is there a lot of industry jargon, but understanding your coverages and how your business’s cybersecurity practices factor into the underwriting of your policy can be overwhelming. Here are some of the things that you should keep in mind.

Learn the Basics About Cyber Insurance

There are plenty of resources around the web to help you understand what cyber insurance is and help you get familiar with some of the terminology. You don’t have to be an expert by any means but knowing enough so you don’t get lost is helpful. 

To help SMBs get familiar with the industry, we’ve put together an original report, the 2020 State of the Cyber Insurance Market for SMBs with insights from the data we have collected through our experience providing cyber insurance and cybersecurity.

Understand Why You Need Cyber Insurance

People mainly buy cyber insurance for two reasons: to meet contractual requirements and to have a safety net in place in case of a data breach. 

If you’re trying to meet a contractual requirement, you’re probably just looking for a policy that meets your potential customer’s or partner’s requirements and comparing prices.

If you’re trying to protect your business from the potential financial ruin of a data breach, you’re probably focusing more on the coverages to make sure they’re comprehensive. You’ll also want to evaluate optional coverages to see if they’re applicable to your specific business risks.   

Evaluate Your Risk

Insurance premiums are typically priced based on your risk. It’s important to evaluate your organization’s cyber risk profile ahead of time to understand where your gaps lie. That way you can implement stronger cybersecurity measures to reduce your risk and lower your insurance costs. These are some of the questions you should be asking yourself as you evaluate the risks your company faces:

1. Does your company collect or handle sensitive information like payment card information (PCI), personally identifiable information (PII), or protected health information (PHI)?

The more sensitive and regulated data that you collect, the more at risk your company is. It’s important to have strong, holistic risk management in place. 

2. Is your customer information safe and secure?  

Make sure you’re following best practices in regards to encryption, data storage, backup and retention, as well as least privilege access.

3. Does your business rely heavily on confidentiality?

Law offices and healthcare organizations rely heavily on confidentiality and collect and store a significant amount of sensitive data, making them prime targets for cyber attacks.

4. Do you have a website or a web application that interacts with customers and stores login or other sensitive data? 

Web-based attacks are extremely common. Regularly scan your website and web applications for weaknesses that hackers exploit. You can do this with an automated web vulnerability scanner.

5. What third party vendors do you use and how much access do they have to your IT infrastructure and customer data?

You should hold your third-parties to the same cybersecurity standards as your own organization as you are exposed to the threats that they are exposed to. You might want to find coverage for mistakes made by third parties as well as contractually require them to have their own cyber insurance.

6. Do you allow your employees to bring their own devices? 

If you do, you should have a BYOD policy in place and use a mobile device management solution. You should also train your employees on best practices when using personal devices for company purposes.  

What is Your Budget?

How much can you spend on your premium? But even beyond that, do you have a rainy day fund that can help you cover the cost of a cyber attack? The average cost of a data breach is around $150 per stolen record. Will your coverage limit be able to cover enough of the costs so that your financial burden is lessened? 

If your coverage limit is appropriate, what can you or are you willing to pay for your deductible? This is similar to how you would evaluate an auto insurance policy. If you get into a car accident, are you comfortable paying the $1000 deductible before your insurance policy kicks in or would you rather pay more on your premium for a $250 deductible? 

How Does Your Policy Kick In?

Read through the terms, conditions, and exclusions of your policy carefully before you purchase. For example, what kind of triggers are there for coverage? A policy could focus on specific types of attacks or accidents rather than offering blanket coverage. This means that you wouldn’t qualify for coverage unless you met those triggers. 

Are there any exclusions to your coverage that pertains to your business practices? For example, some policies may exclude coverage for incidents that occur due to BYODs. If you allow employees to bring their own devices, then a policy with a BYOD exclusion will not be appropriate for your organization.

Make Sure Your Policy Includes the Coverages You Need

You should seek insurance coverages based on your specific business needs. For example, if you must comply with the Payment Card Industry Data Security Standard (PCI DSS), you should find a policy that helps cover PCI fines and penalties. 

Examples of cyber insurance coverages include, but are not limited to:

  • Business Interruption & Extortion: Cyber crimes and attacks could impact the day-to-day operations of your business, resulting in lost revenue. With this coverage, your policy covers loss of business, crisis management, and cyber extortion.
  • Customer and Employee Data Loss: Coverage areas include identity recovery, data compromise liability, and data compromise response expenses like fines and penalties.
  • Third Party Lawsuits: If your network is negatively affected by a security incident and it impacts a third party, then your policy will cover potential lawsuits. 
  • Payment Fraud: If you or your employees get deceived and end up transferring or diverting money to a fraudulent destination, then this covers funds lost in those scenarios.

Wrapping Up

Cyber insurance is the ultimate safety net for organizations should they experience a data breach. It transfers some of your risks to your insurance provider. However, cyber insurance is still a passive defense. It should complement a strong cybersecurity posture and program.

Ultimately, you’ll want to choose an insurance provider that grows with you and allows you to update your limits based on your needs. They should act as a partner. Here at Zeguro, we pride ourselves on our customer service. While the entire experience of buying cyber insurance with us is online for your convenience, if you have any questions or need assistance, our licensed team is here to help you find the best fit insurance solution for your organization. You can start your quote today here.

Zeguro is a cyber safety solution and insurance provider for small to mid-sized businesses (SMBs), offering a comprehensive suite of tools for risk mitigation and compliance, as well as insurance premiums that are tailored to the size, sector and profile of a company.
Learn more →

Start My Quote
Ellen Zhang
Written by

Ellen Zhang

Digital Marketing Manager

Enthusiastic and passionate cybersecurity marketer. Short-story writer. Lover of karaoke.

Sign up for the latest news

Oops! Please make sure your email is valid and try again.