A primer on cyber risk insurance coverage
Are you up to speed on cyber insurance coverage options? If you answered yes, you are one of few. It's an emerging area of insurance responding to an emerging and dynamic threat. An excellent Risk & Insurance article by Steve Raptis notes that, "Unlike other types of insurance, there is no standard form on which the insurance industry as a whole underwrites cyber coverage." As an industry, we haven't even settled on a name for the coverage, let alone ironed out all the coverage details.
Analyzing Cyber Risk Coverage offers as good an overview as we've seen on the topic. Raptis is an attorney, so his analysis is informed by his role in counseling and representing corporate policyholders on a broad range of complex insurance-related issues and disputes.
He notes that:
"There also are important terms and conditions of cyber policies that can have a significant impact on available coverage. While no company can reasonably expect to secure every available component of coverage, awareness of differences among the policies being offered is critical to maximizing premium dollars spent."
He offers an overview of third-party (liability) coverages, first-party coverages and a wide array of other key provisions, such as triggers and exclusions.
Another recent article in Risk & Insurance demonstrates that there is significant confusion about these products. Tom Starner looks at the results of two recent surveys on data security in Risk Managers Struggle With Data Security.
A survey by Trustwave found that:
21 percent% of the responding businesses do not have data breach incident-response procedures in place
20% do not have a process that enables reporting of security incidents
63% do not have sophisticated methods to control and track sensitive data
49% fully encrypt stored sensitive data
An A.M. Best survey looked at the insurance industry and identified "cyber security as one of the most serious emerging risks facing insurers." Yet only 10% of respondents said they had a dedicated cyber security policy.
Starner discusses misconceptions and risk assessment gaps that plague many companies.