By Hank Clement, Managing Director, Altus Corporate Risk
Cyber coverage is one of the most rapidly evolving insurance products on the market. With cybercriminals constantly changing their attack tactics, policies need to adapt quickly to provide adequate protection.
Early cyber attacks involved malware. In 2000, the infamous ILOVEYOU worm infected 50 million computers by corrupting data and exploiting users’ email contacts. Cybercrime then expanded from phishing to ransomware to social engineering to cryptojacking. As cybercrime continues to evolve, it can be hard to keep up with what your cyber insurance policy covers and what it doesn’t. If you don’t understand your coverage, you might not be protected from major threats.
Cyber policies include two distinct coverage components: first-party and third-party. First-party coverage is the most common from a claims perspective since it is triggered when an alleged or actual breach occurs. First-party coverage may include:
- Legal services to help comply with state or federal guidelines
- Computer forensics to discover what information has been compromised
- Notifications to alert customers or employees of personal information exposed
- Credit monitoring for customers to monitor unusual activity
- Public relations or crisis management services to control media messages and rebuild the company’s reputation
- Cybercrime coverage to protect against social engineering, funds transfer fraud, telephone fraud and invoice manipulation attacks
- Business interruption to cover for loss of income
- Computer hardware replacement
- Network Extortion
If a third party is seeking financial damages because of a breach, then third-party coverage will be triggered. This policy should provide coverage for actions brought by a regulatory agency, as well as PCI (Payment Card Industry Security Standard). PCI coverage pays for fines and penalties assessed by credit companies as a result of your breach.
Although cyber insurance policies are constantly adapting to protect a company from the latest schemes, the real challenge with cyber coverage comes from the interconnectivity of today’s businesses. As we become more dependent on computers, the cloud and the Internet of Things, companies need to understand how their insurance policies will and will not respond to cyber-related incidences.
Each year as your cyber policy is up for renewal, you should sit down with your insurance broker to discuss what new changes your organization has made, what new cyber threats are present and what gaps may be left open in your current policy. By extending your cyber coverage to close those gaps, you can mitigate the chance of having an uncovered loss.