10 Considerations When Buying Data Breach Insurance
MrInsurability May 17, 2017 No Comments

10 Considerations When Buying Data Breach InsuranceWe have been talking quite a lot lately about data breach insurance. Since there is more than one type of computer attack, we can also use the term cyber insurance. It’s obvious that every business needs this coverage, but like any purchase, there are questions and concerns. So, let’s look at the 10 Considerations When Buying Data Breach Insurance.

As one might expect, interest in this coverage increases with every report of a major computer breach.

Aside from the increasing number of reported breaches, regulatory pressures from the government are driving the need for coverage. In the USA, the Securities and Exchange Commission requires publicly traded companies to disclose their cyber risks. They must also provide proof of any insurance coverage they have.

At the same time, insurance brokers and carriers have made a noticeable increase in their marketing efforts. So between the increase in attacks and the demand to obtain or step-up coverage, many businesses have their heads spinning.

Undoubtedly, there are advantages to having data breach or cyber insurance. Industries such as financial services use cyber insurance to meet their regulatory requirements. Coverage is very beneficial to protect against losses with set values like regulatory fines and breach notification.

There are many other expenses involved that have unknown costs. Data breach coverage does have certain limits to it also. It isn’t a stopgap measure against weaknesses in an IT security program, for example.

In any attack, there are obvious high cost problems that need coverage. But there are also many low cost issues that may not require extensive data breach coverage.

These various high and low cost issues can be a problem for insurance carriers. These kinds of attacks are relatively new and insurance carriers don’t have much history on them. As such, determining a definite premium is very hard.

Experts feel that cyber insurance is still a gamble to insurance companies. If a carrier is wrong on cyber insurance costs, they may not have the financial ability to pay claims.

Because of this disparity, cyber insurance premiums range from $10,000 to $35,000 for $1 million in coverage. It depends where you go and going cheap may mean claims not paid.

Today there are only about two dozen carriers offering data breach coverage. Each offers their own take on coverage, but they boil down to:

  • Network intrusion
  • Breach notification
  • Loss of income
  • Business interruption
  • Regulatory
  • Civil action
  • Cyber extortion
  • Terrorism

In keeping with our theme of offering help and educating readers on insurance issues, we are offering the following 10 Considerations When Buying Data Breach Insurance:

Falling for a Sales Pitch

Most articles written about cyber insurance in general, are positive. Like this article, those were probably written by someone selling cyber insurance. Obviously, nothing is completely perfect and without issues and downsides.

We hope that by providing honest information, not sales hype, you’ll look to us when you do decide to buy.

Broker Experience

As we mentioned earlier, this is a new field in insurance. We also mentioned that there are really only about two dozen carriers offering this coverage. Please make sure that you do get to deal with someone who has experience.

Difficulty Understanding Your Policy

The in’s and out’s of data breach coverage can be difficult to understand at times. An ideal way to deal with this would be to create examples of data breach losses. You could then determine, in advance, if an insurer will pay your claims.

What Qualifies as a Loss?

Again, being a new type of coverage, claims adjusters may not fully understand data breach/cyber security. If your system has advanced malware protection in place, are you covered if those protections were turned off?

A lack of knowledge on the part of an inexperienced claims adjuster could lead to a denial of claims. Thus, claims denied for events that you might have believed were covered. You should know if the adjusters that you would be working with were up-to-date on cyber threat coverage.

Doing a Pre-Insurance Survey Carefully

Being careful and specific when filling out a pre-insurance survey is very important. Any forms that name and explain the coverage you are wanting need to be complete.

An insurer can deny a claim if the insured states, in the pre-insurance survey, anything that was not completely accurate. Even the most minor discrepancy could be devastating.

Filing Claims

As previously mentioned cyber coverage is new and without any known history on how claims are paid. As such, cyber coverage remains a big risk for many insurance carriers. Be sure to deal with one who specifically pays the type of claims you would have.

Selecting Your Coverage

Among the few carriers selling data breach coverage, there are some choices and differences. A business needs to be sure to have an insurance person with a good knowledge of what the company needs.

A reputable insurance agent is also a must. Ideally, having an independent insurance agent with knowledge of several companies’ policies will make choosing a carrier much easier.

Understanding Policy Exclusions

This is a big one. It also goes back to Difficulty Understanding Your Policy. Set-up sample claim situations and see what the insurance carrier will or will not pay.

Entering the Cloud

Being honest, don’t expect much protection for data stored in the cloud. Insurance carriers cannot afford to cover the risk. That stored information is much easier to secure for a company on its own.

Paying Claims

There are watchdogs that claim a lack of independent proof exists that insurance carriers pay their data breach claims. I can say that as far as we know, the companies that we deal with have paid their claims.

If we found that they hadn’t, we would be looking elsewhere ourselves. That said, we can’t speak for everyone. That’s why every business needs to have at least one person who is on top of things about insurance. Again, a good independent agent can help with that also.

That’s it for the 10 Considerations When Buying Data Breach Insurance. I know that this may have been a little too honest, from an insurance producer’s point of view.

I also hope that any business man or woman reading this post understands that honesty is the best policy. When dealing with MrInsurability, that’s what you can expect to receive. Remember, we’re only a click away!