The interest in cyber liability insurance over the last year has surged as a result of the number of high-profile attacks that have occurred across all industry segments, including for healthcare, education, retail, entertainment, and financial institutions. Cyber Liability insurance can be designed to provide coverage as a result of a breach for loss or disclosure of confidential customer and employee data, intellectual property, destruction of business property, reputational injury, regulatory actions, fines and investigations, class action litigation, and loss of business, among others.
While there are about 50 insurance carriers offering Cyber coverage in the U.S., it’s important to note that policies different widely and should be customized to fit the insured’s needs and the industry served. In addition, when looking to secure a strong and responsive cyber liability insurance policy for your clients, there are several key elements to evaluate.
First, be sure that a complete assessment of the insured’s vulnerability is performed to avoid buying a policy that does not addressed certain exposures. An insured should also do all it can to curb its cyber risks, such as those involving phishing attacks or attempts to steal sensitive data, in order to lower insurance premiums. Encryption of all employees’ mobile devices should be implemented, which will help with lower deductibles and premiums.
Check policy details for coverage gaps to ensure an insured is covered for a broad array of exposures. For example, many Cyber policies claim they provide coverage for complaints alleging failure to comply with applicable privacy laws, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Gramm-Leach-Bliley Act of 1999 or various state privacy laws. However, some of these policies contain exclusions that deny coverage for failure to abide by the requirements set forth in these statutes. For example, claims alleging failure to provide opt-out privileges from data collection may be excluded from coverage.
Sublimits in a Cyber policy also must be properly evaluated and negotiated. A $1 million policy may offer only $250,000 in coverage sublimits for each of four potential claims categories, including legal expenses and hiring a forensic company to analyze damage. However, insurers can increase those sublimits without changing the overall limit.
In addition, look at the carrier’s services that come with a Cyber insurance policy. Depending on the carrier, your client can receive breach response services to satisfy statutory responsibilities and protect the insured organization’s reputation, a risk assessment of data/privacy exposures, risk control education for the organization’s staff, client advisory bulletins on emerging exposures, 24/7 claim hotlines and/or legal consultation by attorneys experienced in cyber risk.
Caitlin Morgan specializes in securing Cyber Liability insurance and can help you place the right policy for your client. Give us a call at 877.226.1027 to learn more about what we offer.