Skip to content

Cyber 101: Your Beginner's Guide on Cyber Insurance

Written by Victoria Crowe on

With cyber attacks severely increasing and showing no signs of slowing down, it is important for businesses and individuals to know their cyber insurance options and ask their insurance agency/broker any questions they may have. Being prepared is the first step to mitigating loss from a cyber attack and protecting your company's data.

What is cyber insurance? What does it cover?

Cyber insurance is a professional liability policy that provides coverage and protection for many different cyber exposures, such as the following:

    • Personally Identifiable Information (PII): Any data that could identify an individual through their presence on the internet leaving them potentially exposed to hackers. Once this data is breached, hackers can use it to infiltrate an individual's systems.
    • Malware: A file or code delivered through a network that infects and corrupts any data that a hacker intends to do. Typically, malware is delivered through email links that "download" the malicious code into a company's system, rendering them vulnerable to losing important data and information.
    • Data Breach and Ransomware: A type of business interruption intended to halt your systems. Hackers infiltrate your company's systems and gain control to leverage access and the release of sensitive data and information for monetary gain.

Who needs cyber insurance? What about personal cyber insurance?

Anyone that operates a business, from a small business to a large corporation, needs cyber liability insurance due to the significant risk of exposure to cyber attacks. It's not if you are going to get hacked, it's when you are going to get hacked.

Insurance carriers are noticing a need for personal cyber insurance for individuals, but coverage options are different from those available to a business.

Why is it important for businesses to have cyber insurance?

Hackers try to infiltrate anywhere they can, and if a company does not take preventative measures— such as using multi-factor authentication and strong passphrases— to lock down their systems, they are left extremely vulnerable to cyber attacks. Using third-party vendors can also leave your company exposed because if the vendor has a data breach, your company's information is now in the hands of the hacker.

Key considerations for large corporations:

    1. What is your incident response?
    2. What kind of infrastructure have you set up in case a cyber attack occurs?
    3. Do you have insurance in place?

Any company without a good IT infrastructure in place becomes prime for cyber hacks and ransomware attacks.

Is cyber insurance mandatory?

In the business world, it is becoming standard practice to require cyber insurance in contractual agreements. More contracts require companies to have cyber insurance in place to do business, especially for government-contracted work.

Where can businesses purchase cyber insurance coverage? Can individuals purchase personal cyber coverages?

Companies looking to purchase cyber insurance should use an insurance broker because cyber policies include many nuances, differences, and potentially confusing information, all of which a broker can shed light on.

Individuals cannot purchase cyber insurance like a corporation or entity can. Individual options include third-party cyber insurance companies, such as LifeLock, or insurance through a bank, if they offer cyber coverage. However, many insurance carriers have begun providing cyber coverage for individuals for exposures such as identity theft, information hacking, online harassment, cyber bullying, and defamation lawsuits. In some cases, individuals who have amassed significant wealth are advised to obtain cyber liability insurance in case they become the targets of a ransomware attack.

What questions should businesses be asking their insurance companies or brokers about their cyber policies?

It is important to choose an insurance broker or an insurance company that understands cyber insurance extensively. Any broker or company that does not will be unable to explain what the coverage on your policy entails.

Some important questions to ask:

    1. Is personally identifiable information (PII) covered in my policy?
    2. What are my limits of liability for PII?
    3. Is ransomware covered? Is it sub-limited?
    4. What's my deductible for the highest limits I can receive?
    5. Does my policy cover business interruption?
    6. Does policy cover contingent business interruption (third-party vendor exposure)?
    7. Are social engineering, voice manipulation, and wire transfer fraud covered?
    8. What am I missing in my policy?

You should always ask for a full listing of everything that is covered and ask about what is not covered or what is excluded from that listing. A cyber policy can easily be anywhere between 60 to 200 pages of information, and it is crucial for clients to ask the above questions to fully understand their policies.

Click here to see how our Cyber Liability Insurance can help you with your personal or business insurance needs.

Download This Blog as a PDF
Related Resources
Get insights and advice on how to reduce your organization’s risk of a cybersecurity incident.
About The Author

LinkedIn | Full Bio

Any advice, information, data, communication, proposal and/or document transmitted to you in or in connection with this blog (including, without limitation, any past or future written or oral communications in connection with this blog or its subject matter, and any replies to or forwarded messages in connection with this blog) (collectively, this “Communication”) shall not be deemed legal advice and are not a substitute for the guidance of your legal, tax, financial or other professional advisors. The information contained in this Communication is based on the information made known to B.F. Saul Insurance, Inc. (“BFSI”), at the time this Communication is transmitted to you. If any of the information provided to or relied on by BFSI is inaccurate or changes before insurance coverage is bound then the terms and conditions, premiums, or even availability of such coverage may be subject to change. This Communication does not constitute a contract for insurance and, the terms and conditions of any current or future policy(ies) of insurance shall supersede and prevail over this Communication. This Communication and any information disclosed to you in connection with this Communication at any time (whether orally or in writing) are provided to you in confidence, are the proprietary and confidential information of BFSI, and shall not be disclosed to any third party (except to legal, tax, financial or other professional advisors for the sole purpose of enabling and only to the extent necessary to enable them to provide their services to you in such capacity(ies)), reproduced or used for any other purpose without the express written consent of BFSI.

All requests to place, change or terminate coverage must be confirmed in writing and are subject to the terms and conditions of your insurance policy(ies). Coverage shall not be considered and cannot be bound, changed or terminated unless you have received written confirmation of such from a licensed agent pursuant to the terms and conditions of your insurance policy(ies).