Cyber security adviser Joseph Steinberg and Mark Lynd of NETSYNC have posted their top considerations when obtaining cyber insurance. The full post is at https://josephsteinberg.com/13-considerations-cyber-insurance/. Some of them may seem self-evident, but others are not so obvious.
- Be careful and accurate in completing an application. Depending on policy language, falsehoods and misrepresentation can result in claim denial or voiding the policy. (Technical questions about the system should be reviewed by the administrator.)
- Be aware of, and comply with, requirements for system maintenance in the policy.
- Review the policy - or have it explained to you - so you know in advance what is and isn't covered.
- Where coverage is claims-made (the normal case for cyber liability), be aware of the reporting terms, including extended reporting periods if you change insurers.
- Understand policy limits and exclusions (and definitions, which may be critical in determining coverage).
- Ransomware payments may be covered, but insureds may be penalized for violations of law. Payments to parties under sanctions are excluded.
- Be aware of any territorial limitations.
- Be aware of and follow claim reporting requirements.
- Be aware of any conditions requiring the insurer's consent.
- Insurers may have approved lists of service providers, which you are required to use in the event of a claim.
- Know your sensitive information - personally identifiable information, HIPAA data, financial or confidential information - and its value in case of a breach.
- Check the policy for conditions about disposal of compromised data.
- As coverage keeps evolving, be aware of policy terms changing at renewal. Check for new coverage updates which may be available from other insurers.
As your insurance adviser, Beacon will review these and other issues in your cyber insurance with you.