Beginner's Guide to Cyber Insurance | B. F. Saul Insurance

With cyber attacks severely increasing and showing no signs of slowing down, it is important for businesses and individuals to know their cyber insurance options and ask their insurance agency/broker any questions they may have. Being prepared is the first step to mitigating loss from a cyber attack and protecting your company's data.

What is cyber insurance? What does it cover?

Cyber insurance is a professional liability policy that provides coverage and protection for many different cyber exposures, such as the following:

• • Personally Identifiable Information (PII): Any data that could identify an individual through their presence on the internet leaving them potentially exposed to hackers. Once this data is breached, hackers can use it to infiltrate an individual's systems.
  • Malware: A file or code delivered through a network that infects and corrupts any data that a hacker intends to do. Typically, malware is delivered through email links that "download" the malicious code into a company's system, rendering them vulnerable to losing important data and information.
  • Data Breach and Ransomware: A type of business interruption intended to halt your systems. Hackers infiltrate your company's systems and gain control to leverage access and the release of sensitive data and information for monetary gain.

Who needs cyber insurance? What about personal cyber insurance?

Anyone that operates a business, from a small business to a large corporation, needs cyber liability insurance due to the significant risk of exposure to cyber attacks. It's not if you are going to get hacked, it's when you are going to get hacked.

Insurance carriers are noticing a need for personal cyber insurance for individuals, but coverage options are different from those available to a business.

Why is it important for businesses to have cyber insurance?

Hackers try to infiltrate anywhere they can, and if a company does not take preventative measures— such as using multi-factor authentication and strong passphrases— to lock down their systems, they are left extremely vulnerable to cyber attacks. Using third-party vendors can also leave your company exposed because if the vendor has a data breach, your company's information is now in the hands of the hacker.

Key considerations for large corporations:

1. 1. What is your incident response?
   2. What kind of infrastructure have you set up in case a cyber attack occurs?
   3. Do you have insurance in place?

Any company without a good IT infrastructure in place becomes prime for cyber hacks and ransomware attacks.

Is cyber insurance mandatory?

In the business world, it is becoming standard practice to require cyber insurance in contractual agreements. More contracts require companies to have cyber insurance in place to do business, especially for government-contracted work.

Where can businesses purchase cyber insurance coverage? Can individuals purchase personal cyber coverages?

Companies looking to purchase cyber insurance should use an insurance broker because cyber policies include many nuances, differences, and potentially confusing information, all of which a broker can shed light on.

Individuals cannot purchase cyber insurance like a corporation or entity can. Individual options include third-party cyber insurance companies, such as LifeLock, or insurance through a bank, if they offer cyber coverage. However, many insurance carriers have begun providing cyber coverage for individuals for exposures such as identity theft, information hacking, online harassment, cyber bullying, and defamation lawsuits. In some cases, individuals who have amassed significant wealth are advised to obtain cyber liability insurance in case they become the targets of a ransomware attack.

What questions should businesses be asking their insurance companies or brokers about their cyber policies?

It is important to choose an insurance broker or an insurance company that understands cyber insurance extensively. Any broker or company that does not will be unable to explain what the coverage on your policy entails.

Some important questions to ask:

1. 1. Is personally identifiable information (PII) covered in my policy?
   2. What are my limits of liability for PII?
   3. Is ransomware covered? Is it sub-limited?
   4. What's my deductible for the highest limits I can receive?
   5. Does my policy cover business interruption?
   6. Does policy cover contingent business interruption (third-party vendor exposure)?
   7. Are social engineering, voice manipulation, and wire transfer fraud covered?
   8. What am I missing in my policy?

You should always ask for a full listing of everything that is covered and ask about what is not covered or what is excluded from that listing. A cyber policy can easily be anywhere between 60 to 200 pages of information, and it is crucial for clients to ask the above questions to fully understand their policies.

Click here to see how our Cyber Liability Insurance can help you with your personal or business insurance needs.