When it comes to data breaches, the truism is that it’s not a question of if but when. Thus, organizations need to look holistically at how they can protect themselves. Companies should invest in cybersecurity and educate their employees on best practices—and cyber insurance should be an integral part of the plan, too.
Cyber-insurance policy forms are complex legal instruments with extremely technical language. With more than 60 insurers selling dozens of different insurance policy forms with no standardization, the cyber-insurance market has been described as the “Wild West.” Given the various policies on the market, policyholders should look for a product that is tailored to their risk, beginning with an understanding of the organization’s exposures. Each company will have a different risk profile, depending on factors such as industry, type of records maintained, and payment-collection methods.
Regardless of a company’s risk profile, all organizations should consider three basic issues: (1) what’s covered, (2) what’s excluded, and (3) how to preserve coverage for claims and losses.