Let’s face it, the Internet can be a scary place from a risk standpoint. Indeed, it seems that on practically a daily basis we hear about a massive security breach and the theft of sensitive and personal data.

So, what are companies to do to mitigate cyber risks? Of course, they should employ the best in class technologies that are designed to block cyber intrusions and attacks. They also should implement and enforce cyber security company-wide policies.

Still, such technologies and policies never are perfect in terms of creating a silver bullet against all cyber risks. Accordingly, what else can companies do to cover Internet perils?

They can procure cyber-insurance. While insurance has been around for hundreds of years, cyber-insurance relatively is young — about fifteen years old.

When cyber-insurance first came to market in its infancy, it was an immature product. Assessment of Internet risks was just beginning, and cyber-insurance policies varied widely in terms of coverage, exclusions, and price.

Since that beginning, there has been more experience with Internet risk assessment, and cyber-insurance has progressed with some greater uniformity. Nevertheless, companies seeking to procure cyber-insurance carefully should consider the specific types of cyber risks they face and from there they should seek specific or tailored coverage for those risks.

Given that Internet risks are still unfolding and evolving, insurers themselves want to mitigate their exposure when it comes to issuing cyber-insurance. They may insist on certain exclusions, they can set premiums at a high level, and they may make sure to have reinsurance in place.

That being said, cyber-insurance is valuable in backstopping companies’ technological and company policies in seeking to thwart Internet threats.

Hopefully, more companies will move forward on all three fronts.