By Joe Salpietro
Businesses are becoming more interested in cyber coverage as they face mounting risks to their data security. But finding the right carrier and product can be challenging.
Here are four pitfalls insureds should avoid when searching for a cyber claims provider:
1. Choosing the wrong policy.
No policy should be considered a one-size-fits-all solution, especially when there is more variation in the cyber marketplace than ever before. Business leaders must find the policy that is most appropriate for their situation. Here are examples of questions they should consider:
• What risks does the company face today? How are those risks expected to evolve as the business grows?
• What is the nature of the digital assets managed by the organization?
• Who will have access to those assets? Consider internal and external sources, including vendors.
• Has the business taken the right steps to protect its network from intrusion and its data from theft or loss?
• In the event of a breach, what are the realistic impacts to the business?
It’s important to have a knowledgeable agent who can help insureds navigate the wide variety of products on the market. The agent should be able to help identify risk areas that the business owner may have overlooked.
2. Not knowing policy details.
It’s critical for business owners and operators to review and understand their new policy’s coverages and any applicable exclusions. Incorrect assumptions about what a policy will and won’t cover could be financially devastating to a company. Be sure to know if legal fees are included in the event a data breach victim decides to sue or whether expenses will be covered for outside IT or other technical resources if the network is compromised.
Businesses can simply ask their agent or broker to go through the policy in its entirety and provide guidance. An experienced agent will be able to help identify additional coverages that may help mitigate specific risks while also offering options to close any gaps created by exclusions in the policy. This might be accomplished via complementary policies targeted at specific risk areas or through bolstering the business’s existing security measures.
3. Purchasing a policy with the wrong limits.
Carriers typically offer cyber coverage variations with different limits that best suit a company’s requirements, size, sector, and risk profile. There are many options, so each policy’s limits should be tailored to the organization’s risks and anticipated needs in the event of an exposure. Take into account budget limitations as well as the organization’s ability to shoulder breach costs.
A company with a low-limit policy and higher risks could face significant monetary obligations. Consider what happened to Target. Post-breach costs are estimated to be $191 million, but only a fraction is covered by insurance. A knowledgeable agent will be able to advise a customer if the proposed policy limits are right for their situation and point them toward an option that meets their needs.
4. Giving the application too little attention.
The more information an organization is able to provide and the more detailed its responses, the more likely it will be matched to a policy that’s just right. Depending on the business and its risk profile, this may include submitting information about existing network security measures, employee training protocols and the organization’s incident response plan. The potential fallout from giving the application short shrift can be significant. Policyholders may find they are vulnerable to unanticipated financial burdens if they suffer a breach. If an answer is found inaccurate in an application, it may even lead to a policy being rescinded. Agents must work with clients to produce an application that is thorough and accurate, so the carrier can evaluate it properly.
Joe Salpietro is a cyber claims manager for IDT911.