On November 9th, Lloyd's of London issued a market bulletin to its syndicates on managing catastrophe-risk and exposures. While the memo is directed at the syndicates which make up the Lloyd's insurance market and in assisting those syndicates in managing their cyber exposure (and the accumulated cyber exposure risk to the entire Lloyd's market), it also provides some insight into how this insurance market leader believes its constituents should be approaching cyber insurance.
The memo's guidance can be applied to business owners and purchasers of cyber insurance as well.
The memo suggests that the syndicates "create and develop their own lists of 'plausible but extreme' types of cyber-attack scenarios, with associated lines of business that may be affected." This is good advice for anyone purchasing cyber insurance. It is important for policyholders to understand what types of cyber attacks would most effect their business, what is the possible scope and scale of the attack, and what is the possible expense. With that information, a business can plan for what types and how much insurance to purchase.
For example, the memo also notes that "there are different types of cyber-attack, which could cause different types of harm: denial of service, data-theft, data-damage, reputational harm, physical damage etc. The economic damage for each type may differ, with consequences including direct financial loss, bodily injury or property damage." These are just some of the questions that businesses should be asking themselves when considering the purchase of cyber insurance.