Cybersecurity: Securing Effective Insurance Coverage

A recent Risk Management Magazine article reviews some of the lessons learned from recent cyber insurance claims and offers the following tips on securing effective cyber insurance coverage:

An organization that experiences a cyber insurance claim is best positioned to understand its own people and processes, but risk and insurance advisors can also help analyze the claim and address the conditions that led to it.

Many cyber policies offer expert services, such as forensics, breach coaching, crisis communications and data restoration. Broad coverage that applies to a wide set of potential loss scenarios is valuable. Risk professionals should seek the broadest available cyber coverage that suits their organization’s needs, with the assistance of qualified risk and insurance advisors.

For example, coverage for cyber extortion is available, but not all cyber insurance policies include it. Risk professionals should look for insuring agreements that define extortion as a threat to: alter, destroy, damage, delete or corrupt data; perpetrate unauthorized access or use of computer systems; prevent access to computer systems or data; steal, misuse or publicly disclose data, personally identifiable information, or third-party information; introduce malicious code into computer systems or third-party computer systems; and interrupt or suspend computer systems.

Effective cyber insurance coverage is essential in an environment where the costs associated with cybersecurity incidents can be extremely large.  According to the article, those costs may include self-insured retentions, business interruption, crisis services, legal and regulatory defense expenses, settlements and fines.  The article cites NetDiligence’s 2024 Cyber Claims Study, which found a five-year average incident cost of $937,000 for small- to medium-sized businesses and $36.1 million for large businesses (those with more than $2 billion in revenue).