Cybersecurity insurance considerations



The increased risks around cybersecurity have sparked many new questions about the role of insurance in helping to manage a firm’s security risks. Many firms are adding a cybersecurity insurance policy to insulate the firm’s finances against a major security breach. Below are some important considerations when evaluating the need for a cybersecurity insurance policy:

  • Cybersecurity coverage is not typically included in most commercial policies. A separate policy or rider is likely required.
  • Begin by putting a basic cybersecurity program in place — an effective program can reduce premiums.
  • Clearly understand the scope of cyber coverage; brokers can help clarify.
  • Firms should consider both first- and third-party coverage, to cover potential losses because of firm weaknesses or weaknesses of third-party vendors.
  • Be responsible: A cyber policy can be an important part of a firm’s cybersecurity program, but it shouldn’t replace cybersecurity policies and controls.

The National Association of Insurance Commissioners (NAIC) outlines some of the types of cybersecurity coverage being offered:

  • Liability for security or privacy breaches
  • Costs associated with breaches, such as customer notification and support
  • Replacement costs for restoring, updating or replacing business assets stored electronically
  • Costs associated with business interruption
  • Liability associated with copyright infringement or product disparagement as the result of a breach
  • Expenses paid for ransomware or cyber extortion
  • Expenses related to regulatory compliance failures

eFraud Prevention™, LLC