Five critical elements to check in your cyber insurance policy
Insurance policies are complicated and long. A typical policy might be 60 pages of complex jargon that even the most experience insurance brokers will have a hard time explaining. This post is only meant to describe 5 critical elements of your insurance policy that you should discuss with your insurance provider.
1. First party vs. third party
There are two major types of policies: first party and third party coverage. First party insurance provides coverage for direct costs associated with responding to the failure and managing through the incident. Third party insurance provides coverage for lawsuits or claims that come as a result of a cyber incident. Make sure you know which type you are purchasing.
2. Trigger for the policy to respond
Make sure you understand what incidents will result in your policy responding. Your policy wording will describe specific events that must occur in order for your insurance policy to begin paying out. For example, some first party cyber policies require the company to be legally obligated to notify clients of a breach. In the US, 47 states have laws requiring a company to notify clients of a breach within a set period of time. Canada does not yet have such rules yet, but a company many choose to notify clients regardless. As a result, check your policy to make sure voluntary notification costs are covered.
3. Sub-limits for each coverage
The top-line coverage limit (e.g., $5M) may not be the same limit for each coverage in your policy. There will almost always be “sub-limits” for specific coverages. Make sure you review the list and that you are comfortable with the coverage offered.
4. Business interruption
This is an important coverage to help cover loss of profits or revenue the business suffers as a result of the break. This might be due to systems being down or customers leaving due to reputational damage. The two important elements of this coverage to consider are: the length of the waiting period before you can claim against this coverage and the duration of time this coverage will pay.
5. Unauthorized access versus failure to protect
The most commonly cited breach is caused due to an outside agent intentionally gaining unauthorized access. However, if your policy only responds in such cases, you may be left exposed. You want a policy that also covers cases where confidential information is released without unauthorized access, such as a lost hard-drive, stolen papers or accidental emailing of a spreadsheet.
As you shop around for a cyber insurance policy, keep the above five elements in mind. Ask your insurance broker to explain your policy in the context of these elements to make sure you are appropriately covered.
Zensurance is Canada’s leading online commercial insurance broker. We offer a full range of insurance products to small businesses, with a particular focus on digitizing businesses and technology startups. We understand what it is to work with new technology, and know the most common risks of which you should be aware. Based on that (and a lot of analytics), we recommend the ideal insurance coverage for your business.