Cyber Insurance Coverage Checklist for Agents

Apr 15, 2024

Cyber insurance and privacy liability coverage for businesses continue to increase in demand, with very real threats putting pressure on companies to protect information. While this offers an excellent opportunity for you to reach a growing target, the complexity of cyber risk management calls for expertise to ensure your clients have the coverage they need. 

Keep reading to discover our cyber insurance coverage checklist with all the important details to remember when preparing policies for your clients.

Cyber Insurance Coverage Checklist For Independent Agents

Follow this step-by-step checklist to ensure nothing is missed when underwriting a cyber liability insurance coverage policy.

1. Determine the Level of Risk

Every business faces specific risks unique to its operations and industry. The most important factors when determining risk include:

  • What technology is critical to business operations?
  • What types of sensitive information or systems do they store or transmit?
  • What are the different levels of information that must remain available for day-to-day operations?
  • What are their confidentiality vulnerabilities?
  • What is the level of personal information collected, stored, and transmitted?
  • What information requires anonymization if there is an encryption failure?
  • What types of devices present the most risk?
  • How much risk is there for data corruption?
  • What types of IT systems, networks, and software are the most likely to attract data breaches?
  • Does the organization face reputational harm if there is a security incident, and if so, to what extent?
  • What are the financial risks of a cyber-attack?
  • What business operation risks would a cybersecurity event present?
  • Does the organization have a business continuity plan to resume operations after an event?

These questions allow you to identify strengths and weaknesses to determine the level of coverage required and calculate premium costs for that coverage.

2. Identify Coverage Needs

Cyber insurance coverage is based on how reliant a client is on the data and systems for their day-to-day operations. The more a client and their customers rely on the information impacted by a breach, the more financial protection they require. Assessing that financial impact requires cost estimates for:

  • Direct costs such as system repairs and data recovery
  • Indirect costs such as business disruption, reputation management, legal fees, etc.

The size of the business and industry also influences risk. For example, at first glance, a bank handling sensitive financial data will require significantly more cyber liability insurance and coverage than a boutique fashion shop. However, a boutique shop handling sensitive personal and financial customer information such as email addresses and credit card numbers presents a risk for significant losses. Assessing all angles, risk factors and the potential impact of cyber threats on business operations will help you identify coverage needs.

3. Implement Risk Mitigation Strategies

A cyber security strategy outlines steps taken to keep a business safe from cyber attacks. Cyber security best practices include:

  • Security Awareness: Assess the cyber security environment to understand vulnerabilities and inform businesses of what steps must be taken to protect against or, preferably, eliminate those vulnerabilities.
  • Risk Prevention: Identify the first line of defense, such as password management, firewalls, anti-virus software, etc., to address cyber vulnerabilities such as applications, administrative privileges, backup practices, etc. Documenting a cyber security framework defines security policies and implements management within the cyber security environment.
  • Data Management: Effective data management ensures there are access controls such as role-based access, protection for stored data, secure data transfer (encryption, SFTP, HTTPS), MFA, immediate adjustment to access rights as required, ongoing security audits, and a robust backup and recovery plan.
  • Keep Improving: Ongoing monitoring and reviews, such as security audits, following security trends and new cyber threats, and updating security policies, allow for constant improvements to security strategies based on evolving threats and new vulnerabilities.

4. Understand First vs. Third Party Coverage

There are two categories of cyber insurance coverage:

  1. First Party Coverage: Covers the direct response to a cyber event to resolve and mitigate further risks, such as credit monitoring, crisis management, legal advice, data restoration, hardware replacement, diminished operations, notification to those impacted, etc.
  2. Third-Party Liability: Covers the delayed or associated costs impacting third parties after the event with higher costs than those spent on direct response. Examples include privacy liability lawsuits by those affected by the data breach, copyright lawsuits regarding the exposure of intellectual property, negligence lawsuits, fines and penalties, etc.


5. Evaluate Policy Terms and Conditions

Cyber insurance policies must base terms and conditions on specific types of attacks or accidents to reduce the costs associated with blanket coverage. Common terms and conditions include details such as:

  • Exclusions based on a client’s business practices
  • Investigations where the client must meet a burden of proof
  • Provisions for timing for coverage once a claim is made
  • Broad versus trigger-specific coverage
  • Coverage for third-party errors by vendors, suppliers, SaaS, etc.
  • Restrictions based on region
  • Conditions requiring that changes to cyber security strategies be reported to the insurance provider to qualify for coverage

6. Compare Quotes from Multiple Insurers

The key considerations that impact quotes from multiple insurers include:

  • Industry: Industry risk, based on the level of sensitive customer data handled, together with industry-specific regulations and compliance requirements, contributes to premiums.
  • Claims History and Loss: Frequent claims or large losses increase premiums.
  • Business Size and Revenue: The higher the revenue and the larger the business, the higher the costs associated with a cyber incident and the higher the premiums.
  • Coverage Type: Limits, deductibles, and the scope and type of coverage all impact premiums.
  • Location: The regulatory environment in which a business operates and the frequency of cyber events there can also impact costs, with strict regulations and common events adding to premiums.

7. Consider Additional Coverage Options: Cyber Crime

Additional coverage options that not all businesses need might include social engineering coverage, which protects against fund transfer fraud where an employee is mistakenly directed to send money to a malicious actor, and reputational harm coverage, which covers time-limited losses related to brand reputation.

8. Review Policy Annually

Once a policy is in place, it’s important to reach out to clients to review cyber insurance policies to ensure the coverage still aligns with evolving risks and their business needs.

Cyber Liability with Novatae

A thorough cyber risk assessment is the foundation for appropriate insurance coverage. This checklist is a valuable tool for agents advising clients on cyber insurance options to ensure important considerations that can leave gaps are not overlooked.

Novatae specializes in placing specialty insurance coverage for unique, complex, or hard-to-place risks including cyber insurance products. For more information on our insurance services and capabilities, contact our team of wholesale insurance experts today.  


This article is not intended to be exhaustive, nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.
