Cyber Insurance Checklist
October 18, 2020
This year more than ever we have become digitally connected as a world. Everything from school lessons to grocery shopping is being done online. While it may make life a bit easier at time, it also exposes us to greater cyber security risks. Cyber risks can be expensive and messy, with the expected costs of cyber risks reaching $21 trillion by 2021. So how you protect yourself?

Develop a method to prevent cyberattacks as well as protect from losses in the event an attack happens. This checklist will help you to focus on the most important issues, ask the needed questions, and make the best decision about cyber insurance for your business.

Evaluate Your Level of Risk. Everyone is at risk of being the victim of cybercrime but there are some that are at a higher level of risk than others. Those who handle sensitive or secret data, are dependent on complex technologies, have limited resources for cyber security, or have a history of being cyber attacked in the past are at a higher risk. You should also consider if you or your business collect or store customer data that could lead to legal issues if leaked or if your business uses external devices such as phones or laptops that could be stolen. It is important to understand your level of threat and the consequences you would face in the event of an attack. Being able to estimate the damage will help you estimate how much cyber insurance you may need.

Determine Your Needs. Once you have evaluated your risks, you can begin to determine your needs. Cyber insurance policy coverages can differ depending on your needs and it is important to discuss all aspects with your DFA insurance agent. Some businesses may need more coverage than others, but all businesses must understand when, where, and why they need coverage in over to avoid gaps in coverage that could be costly. Areas where you might need coverage include:
  • Network security, including hardware and software
  • Incident response in the wake of a data breach
  • Insurance for lost or stolen laptops and mobile devices
  • Business interruption as a result of a cyber event
  • Coverage for types of cyber extortion like ransomware
  • Crisis management and public relations
  • Losses in 3rd party systems
  • Forensic investigations
Cyber insurance has no real set standards and it can be difficult to determine what exactly you need in a policy. Consider the following questions and discuss them with your DFA Insurance agent. How much insurance do you need and how much can you afford? What are your unique risks and what type of coverage do you need? What should trigger your policy? What should your policy exclude? What data must be covered and where is this data stored?
Learn About Cyber Insurance. When considering cyber insurance and what your business may need in coverage, it is important to do your research. You can do research on your own or go a step further and contact your DFA Insurance agent and have a discussion. While cyber insurance is still relatively new to the insurance world, it is very complex and diverse. However, most cyber insurance will still fall into two types of coverage.

The first type is first party coverage. This type of cover is designed to cover costs associated with the direct response to a cyber-attack. This means that if an attack occurs, first party coverage will provide funds to help immediately. Some examples of first party coverage include:
  • The cost of calculating the size or cost of an event
  • The cost of credit monitoring and crisis management
  • The cost of legal advice related to an event
  • The cost of hardware replacement or data restoration
  • The cost of business interruptions or diminished operations
  • The cost of notifying affected parties
The second type is third party liability. This type of coverage is designed to cover associated costs that arise from a cyber event. This means that if an attack occurs, third party liability will provide funds to help with delayed costs. Often, the costs of a cyberattack exceed the first party coverage amounts. Some examples of third-party liability include:
  • The cost of privacy liability lawsuits brought by employees or customers affected by a data breach
  • The cost of copyright lawsuits filed after intellectual property is exposed
  • The cost of breach of contract or negligence lawsuits
  • The cost of investigations, fines, and penalties levied by regulators
Speak with Your Insurance Agent. Once you have determined your risks and needs and you have done your research, the next step is to meet with your DFA insurance agent. Your DFA insurance agent is a vital source of information and can help to walk you through the complex world of cyber insurance. The following are examples of questions you should ask them. By asking targeted questions you can make sure that you have the exact coverage that your business needs and that you understand what your responsibilities are.
  • What types of incidents are covered? For instance, does your provider cover unintentional and non-malicious attacks?
  • What are the deductibles? In this area, cyber insurance works similarly to health, vehicle, or home insurance.
  • Exactly how does coverage and limits apply to first and third parties? For instance, do legal costs cover your business liabilities only or are your customers covered, too?
  • Does the policy cover any attacks on your business, including as an unintentional victim, or only those which were targeted directly at you?
  • What are the timeframes within which you are covered? Some cyber-attacks are not discovered right away. Are you going to be covered after the fact if this is the case?
  • Are any third-party vendors, suppliers, and business associates you do business with covered?
  • Does the policy cover you globally? For instance, it may exclude data theft or loss that occurs outside national borders.
  • What kind of response time can you expect in the event of a data breach?
Look for the Best Policy. Now that you have met with your DFA insurance agent and had a discussion to cover your needs and questions it is time to pick a policy. There are some things to consider when determining which policy is best for you.

Don’t overdo it. Cyber threats are endless, and one could purchase extensive coverage for every possibility but for most businesses that is not necessary. Most businesses won’t need coverages that cover rare or unlikely risks and since you have determined your needs previously you can determine which coverages work for you. The right coverage is not always the most expensive.

Beware of broad exclusions. Read the fine print and make sure that you are aware of any exclusions in your policy. You may think that a policy provides broad coverage but then the fine print proves otherwise. If you have concerns with the exclusions, you can discuss these with your DFA insurance agent.
Beware of provisions. Some policies require you to work with pre-approved parties in the event of an attack. You may prefer to work with your own parties. Make sure that you are aware of the provisions are okay with them. If you have any concerns, make sure to address them with your DFA insurance agent.
Cover your vendors. Make sure that your policy doesn’t exclude coverage for third parties which leaves large gaps in coverage.

Revisit and Revise. Once you have committed to your cyber insurance and developed your strategy, make sure that you have a plan to revisit and revise over time. It is important to sit down with your DFA insurance agent around renewal time and revisit your needs and coverages. The cyber world is ever evolving and so are the protections against attacks within it. Your strategies and coverages need to change as your needs do.

Cyber insurance can be confusing, but it is important to make sure that you are protected. Call DFA Insurance today at 877-358-9523 and speak with an agent to get your cyber protection search started.