Cyber risks and cyber insurance are hot topics in almost every industry. However, many companies do not have cyber insurance yet and often don’t know where to start or how to evaluate their cyber risks and need for coverage, let alone how to identify carriers and forms offering cyber insurance. Business Insider recently reported that cyber insurance will become a $7.5 billion dollar industry in the next five years. Here are five tips for getting started if your company does not have cyber insurance:\
1. Evaluate your needs
Every company has cyber risk. However, the potential impact of a cyber incident varies widely depending on your industry, type of customer, amount of and type of data you store electronically and your security systems. Talking to similar companies about whether they have cyber insurance and to what degree is a great place to start. In addition, the National Institute of Standards and Technology has a free framework to help companies evaluate their risk.
2. Work with your broker
Your current insurance broker may be a good resource to find out more about the cyber insurance market and, ideally, they already have knowledge about your company’s risk appetite. There can be significant variation between the terms offered in cyber insurance policies. Your broker should be able to advise you about what carriers are in the market, what coverages they are offering, and how the carriers’ offerings align with your coverage goals.
3. Consider retaining coverage counsel before you purchase the policy
Because of the variation in forms and offered terms, coverage counsel can help a company evaluate the offered terms and consider how limitations and exclusions could affect your company if a claim were to hit. As this is a developing insurance market, having a more detailed review from counsel who have worked on cyber insurance coverage issues can be an eye-opening experience.
4. Start somewhere
It is impossible to know when, how, and to what extent your company may experience a cyber-loss. Don’t let this uncertainty stop you from starting somewhere. You can always (and should) reevaluate your cyber insurance needs at renewal time.
5. Reevaluate your coverage at every renewal
With the growth potential in the cyber insurance market, Business Insider states that technology companies may disrupt the insurance market and take advantage of the limitations offered by the current market combined with their superior knowledge of cyber issues. Thus, companies may have more options in the future than conventional insurers to get cyber protection and companies should check the market at renewal time to see if better options are available. It is also important for a company to evaluate whether any changes have been made on the business side that may impact their cyber risks, and if so, whether they have sufficient coverage in place.