Insights

Cyber Liability Insurance Buying Guide

October 4, 2021

/Cyber Liability

New cyber threats continue to emerge nearly daily, hitting every size organization from small businesses to the federal government. Those who aren’t thinking about cyber liability and how to address it may be forced to handle a problem when they least expect it. For a new buyer of cyber coverage, the assessment and buying process can be intimidating. To help, we have produced a Cyber Liability Insurance Buying Guide.

Cover page to Cyber Liability Insurance Buying Guide 2021

Cyber Liability Insurance is Critical

Chances are good that your organization stores or deals with a large volume of personal data and relies on technology to operate. If your work is in a highly regulated industry like healthcare or finance, you must be in compliance with data security provisions or face penalties. Regardless of your industry, cyber liability insurance is often a contractual requirement and an important part of your board’s due diligence. For all of these reasons (and more), cyber liability insurance is a necessary part of today’s insurance strategy.

8 Reasons to Buy Cyber Insurance

  1. Cyber Insurance responds to ransomware. Every CISO will tell you that network security is important, but none will say that their security is impenetrable. When security fails, cyber insurance is an important backstop to have. From the ransom payment to forensics investigations to business interruption losses, cyber insurance responds to ransomware.
  2. You’re reliant on technology to operate your business. As organizations increase their use of technology in order to operate, that reliance creates cyber risk. If the technology were to become unavailable, the resulting business impact could be mitigated with cyber insurance.
  3. Your organization holds a large volume of personal data. Collecting, processing, and storing large volumes of personal data on customers or employees subjects many companies to state-specific data breach laws. Cyber insurance can help cover costs to comply with state, federal, and international laws.
  4. It’s part of your board of director’s due diligence. Many boards have taken a keen interest in cyber security as part of their company oversight role. Cyber insurance is top-of-mind for a diligent board.
  5. You’re subject to privacy regulations. There is a wave of consumer privacy rights regulation sweeping the globe, such as GDPR in Europe and CCPA in California. Highly regulated industries such as healthcare and finance are no longer the only industries facing the risk of penalties for cyber security and privacy compliance failures.
  6. It’s a contractual requirement. Many contracts with vendors or clients require cyber insurance to be in place prior to executing the contract.
  7. It comes with a turnkey incident response plan. Cyber insurance policies come with a team of vendors that specialize in incident response—from legal counseling to IT forensics, consumer notification, on-demand call centers, and public relations specialists.
  8. Pre-loss services are included as part of insurance. Many cyber insurance policies come with pre-loss risk mitigation services included in the premium or offered at a discount. These security tools and best practices can offset security spend and provide significant value, particularly for small-to-medium enterprises.

Assessing Cyber/E&O Risk

Service RiskSecurity RiskPrivacy RiskOperational Risk

Errors & Omissions

  • Failure of service or products to perform as intended

Contractual Liabilities

  • Indemnification
  • Liability caps

Aggregation of cyber risk

  • Cyber event leading to financial loss at multiple customers at same time

Network Vulnerabilities

  • Malware
  • Ransomware

Data Breach risk

  • Personally Identifiable Information (PII)
  • Personal Health Information (PHI)
  • Payment Card Information (PCI)

Confidential Corporate Information

  • Third-party confidential information

Consumer privacy rights

  • Data collection, processing, storage, and use

Regulatory risk

  • General Data Protection Requirement (GDPR)
  • California Consumer Privacy Act of 2018 (CCPA)

Reliance on technology to operate

  • Increase in automation of manufacturing sector
  • Increase of cloud adoption
  • Enterprise Resource Planning software such as billing and scheduling

Get Advice on Managing the Risk, Policy Coverage, and More

To make it easier to evaluate and mitigate your cyber risk, check out our Guide to Cyber Liability Insurance:

Cover page to Cyber Liability Insurance Buying Guide 2021

Here, you will learn how to recognize the cyber risks in your own organization, understand what cyber insurance covers, and identify the specific reasons why a comprehensive approach is the best way to protect your organization from cyber risks.

Some of the topics covered in the Guide include:

  • Cyber Risk Assessments
  • Risk Transfer: What’s in a Good Cyber Policy?
  • Cyber Loss Modeling
  • Choosing Limits
  • Incident Response: Worst-Case Scenario

GET THE GUIDE >>

FEATURED VIDEO

Before an Attack, Incident Response, and Cyber Insurance

 

IN THE NEWS

Related Blog Posts

Was this post helpful?

See all articles by Dan Burke

All views expressed in this article are the author’s own and do not necessarily represent the position of Woodruff-Sawyer & Co.

Dan Burke

Senior Vice President, National Cyber Practice Leader

Editor, Cyber Liability

As National Cyber Practice Leader, Dan drives the strategy to grow our cyber business, such as developing tools to help clients and prospects understand and quantify their cyber exposures, as well as thought leadership. He frequently speaks at industry conferences and has been quoted in various trade magazines and newsletters, including The Wall Street Journal.

415.402.6514

LinkedIn

Dan Burke

Senior Vice President, National Cyber Practice Leader

Editor, Cyber Liability

As National Cyber Practice Leader, Dan drives the strategy to grow our cyber business, such as developing tools to help clients and prospects understand and quantify their cyber exposures, as well as thought leadership. He frequently speaks at industry conferences and has been quoted in various trade magazines and newsletters, including The Wall Street Journal.

415.402.6514

LinkedIn