Cyber risks and cyberinsurance are hot topics in almost every industry. However, many companies do not have cyberinsurance yet and often don’t know where to start or how to evaluate their cyber risks and need for coverage, let alone how to identify carriers and forms offering cyberinsurance. Business Insider recently reported that cyberinsurance will become a $7.5 billion dollar industry in the next five years. Here are five tips for getting started if your company does not have cyberinsurance:

  1. Evaluate your needs

Every company has cyber risk. However, the potential impact of a cyber incident varies widely depending on your industry, type of customer, amount of and type of data you store electronically and your security systems. Talking to similar companies about whether they have cyberinsurance and to what degree is a great place to start. In addition, the National Institute of Standards and Technology has a free framework to help companies evaluate their risk.

  1. Work with your broker

Your current insurance broker may be a good resource to find out more about the cyberinsurance market and, ideally, they already have knowledge about your company’s risk appetite. There can be significant variation between the terms offered in cyberinsurance policies. Your broker should be able to advise you about what carriers are in the market, what coverages they are offering, and how the carriers’ offerings align with your coverage goals.

  1. Consider retaining coverage counsel before you purchase the policy

Because of the variation in forms and offered terms, coverage counsel can help a company evaluate the offered terms and consider how limitations and exclusions could affect your company if a claim were to hit. As this is a developing insurance market, having a more detailed review from counsel who have worked on cyberinsurance coverage issues can be an eye-opening experience.

  1. Start somewhere

It is impossible to know when, how, and to what extent your company may experience a cyber-loss. Don’t let this uncertainty stop you from starting somewhere. You can always (and should) reevaluate your cyberinsurance needs at renewal time.

  1. Reevaluate your coverage at every renewal

With the growth potential in the cyberinsurance market, Business Insider states that technology companies may disrupt the insurance market and take advantage of the limitations offered by the current market combined with their superior knowledge of cyber issues. Thus, companies may have more options in the future than conventional insurers to get cyber protection and companies should check the market at renewal time to see if better options are available. It is also important for a company to evaluate whether any changes have been made on the business side that may impact their cyber risks, and if so, whether they have sufficient coverage in place.