Most retailers know they need insurance to cover risks to their property such as fire or theft, or their risk of liability if someone is injured in the workplace. As numerous high-profile breaches demonstrate, retailers also need to carry coverage for data breaches. While many insurance companies offer cyber insurance, not all policies are created equal.

Why is buying cyber insurance difficult?

  1. There is little standardization among competing policies; as a result, it is hard to comparison shop.
  2. Policies’ exclusions often swallow coverage; as a result, assessing the value of a policy is difficult unless you have extensive experience with the types of liabilities that arise following data breaches.
  3. Policies often cover security but not privacy risks.

Items to review when shopping for cyber insurance:

  1. Do the sub-limits on coverage match the corresponding risks?
  2. Does the policy include sub-retentions (sub-deductibles) that are unlikely to be reached?
  3. Does exclusion prevent payment for the largest risks, e.g.,charges that arise following a credit card breach, common theories alleged in class actions, etc.?
  4. Is voluntary notification of affected consumers covered?
  5. Will credit monitoring for affected consumers be covered?
  6. Who does the insurer have on panel for legal representation, forensic investigations and/or crisis management?