High-profile cyber breaches are causing businesses to take a hard look at cyber insurance. But because cyber insurance is relatively new and involves IT, which can be mystifying, customers new to this field run the risk of picking a product that doesn't do them much good. As your business educates itself about cyber insurance, keep these two points in mind:
Tip #1 - Know your own risk profile
As a precondition to extending coverage, some insurers require customers to do a risk assessment of their cyber infrastructure. Some insurers even help customers do the assessment. Insurers want to know your vulnerabilities for at least two reasons: to value them, and to contractually delineate which vulnerabilities and incidents they won't cover.
Obtaining a risk profile separate and apart from insurance negotiations may be advisable for two related reasons. First, it helps you decide whether premiums are worth it. Is the insurer fairly valuing your risks? Second, it provides a disinterested view on whether a proposed policy adequately covers a given risk.
Tip #2 - Be able to satisfy best practices
Some insurers are also requiring customers to maintain cyber security best practices. These practices range from managerial to technical, and can involve all levels of a business. When a loss happens because of a cyber event, you don't want the insurer to attribute the loss to your failure to maintain basic or agreed-upon cyber security standards. Educate yourself on best practices and have processes for maintaining them.
This post is informational and should not be considered legal advice.