When social engineering, hacking and malware (to name a few) became commonplace, the original train of thought was that businesses could manage cybersecurity risks by simply encrypting backups and implementing an internal password regime. No matter how good your cybersecurity infrastructure might be, businesses are facing enormous risks as they try to fight off numerous hacking attempts. With the evolution of these attacks, it is clear that cyber insurance is now critical to a business’ cyber defense and safety. Simple enough right? Unfortunately, exploring your options for cyber insurance isn’t very cut and dry. Whether it be the language of specific coverages or the fact that cyber insurance is still fairly new, current flaws in cyber insurance coverage can leave your business at risk.
Major Flaws in Cyber Insurance Coverage
As is the case with different cyber-attacks, cyber insurance continues to evolve on a weekly basis. The reasons for this vary as both the insurers and the potential insured look to find an understanding of what to cover and at what price. The 5 current flaws listed below usually lead to these tough conversations.
This is the most common flaw we see today regarding cyber insurance. Oftentimes, businesses are unaware of the full slate of cyber risks that may arise as well as the types of coverage options for each type of risk. According to Deloitte, the three main obstacles for cyber insurance sales are not understanding exposures, the application process and lastly, not understanding coverage.
As in the case with many general insurance policies, businesses wrongly assume they have a certain level of cyber coverage in their general liability, property, professional liability, business interruption, crime policies and other standard coverages. While this may be slightly true, the coverage is meant for other incidents and the payouts are less than expected. Additionally, this complicates the efforts to assess needs, match policies and compare alternatives.
Because of the many questions around coverages and the risks involved, there is still yet to be a standardized description of coverage terms, conditions and exclusions. Different providers offer numerous alternative features, all using unique language, making it hard for businesses to discern which policy best serves their needs.
Generally speaking, claims are limited to attacks and unauthorized activity, which leaves gaps for accidental errors and omissions. According to the Ponemon Institute’s annual Cost of Data Breach Independent Study, the report found that 25% of all U.S. data breaches in 2018 were recognized as carelessness or human error. Most organizations don’t want to have 25% risk in any portion of their business, let alone their insurance coverage.
Lastly, and most importantly to the insured, policies are limited to only paying out losses that occur during an actual network interruption. Therefore, businesses are currently on the hook for the entire period that their business has been disrupted including any loss of customer data. Additionally, relating back to the language of the policies, many cases involving third-party contractors that outsource to service providers or cases that include attacks on recently updated systems, are turned down.
Don’t Assume with Your Insurance
When it is all said it done, it is important for businesses not to assume they are covered based on the general policies they currently have in place. If you don’t consistently speak with your provider about gaps in your coverage and the changing landscape of cyber threats, you may find out you’re covered for pennies on the dollar. At Colony West, our team of dedicated professionals continues to communicate and provide the latest in Cyber Insurance Coverage. Contact us today to see how we can help!