It seems that no company is safe from a cyberattack or breach, despite the best firewall protection or best efforts to secure your system. Whether you are new to cyber insurance or have a policy in place, your cyber coverage must fit your business and the technology it uses today, and must continue to evolve as your needs, and the cyber threats, change.
So, what kind of insurance should your company get? Unfortunately, there is not one simple answer and, just like with network cybersecurity experts, it is vital to consult with sophisticated coverage counsel on this issue to make sure your company has the correct coverage to address current needs and risks. Cyber coverage is not one-size-fits-all. While, at last count, nearly one hundred companies were offering stand-alone cyber insurance policies, other existing policies may provide coverage in addition to or in concert with your cyber coverage. Below, we've compiled a list of questions to consider in addressing whether you're protected for a cyber event.
1. Changing and new risks lead to gaps in coverage. Are there gaps among your policies that should be filled? For example:
a. Is there a gap between your crime policy and cyber policy for social engineering or cyber fraud events?
b. Is there a gap between your property policy and cyber policy for physical loss that causes a cyber loss, or a cyber loss that causes physical damage?
c. Are you covered if loss of personal property results in a cyber loss, such as if an employee loses a company laptop?
2. What "retro" date is used in your cyber policy, and is it based on a discovery trigger or an occurrence trigger? This is important if there is any preexisting malware on your system.
3. What representations were made during the application process that may affect coverage? Many insureds warrant that all of their employees utilize "best practices" without realizing the implications on coverage.
4. Are you covered for the costs of investigating an alleged or suspected breach or just a confirmed cyber breach? Both may be equally expensive.
5. What is the waiting period for cyber or network interruption coverage, and does it make sense given that this is not a traditional brick-and-mortar business? For example, an outage of 40 hours may be catastrophic to your business during the height of tourist season.
6. Are you covered if your vendors experience a network outage or cyber event?