10 Questions to Ask When Buying Cyber Insurance

Many small businesses have not yet purchased cyber insurance but the threat for them is very real. Perhaps they don’t know where and how to get started with the purchase process, or what to look for? A recent personal experience reminded me of the importance of getting insurance in place. 

It pays to be prepared

The day I set out to write this article about Cyber Insurance was the same day my car was broken into. Someone completely pulled out the driver side rear window and climbed into my car. Not only did the thief completely smash the window, they also scratched the paint and stole my husband’s golf clubs out of the trunk. I was in shock and my husband, a little depressed.  

As someone who started a career selling car insurance, I’ve heard numerous recounts of similar situations. This is why we have outdoor cameras, motion-activated lights,  alarm systems,  a passive immobilizer, and are always careful not to leave anything visible inside our vehicles. Despite all the loss prevention measures we had in place, the thief was left undeterred and freely entered and exited the vehicle undetected causing thousands of dollars in damage and a high level of emotional distress (mostly my husband’s grief for his clubs).  All this for the thief to make a few bucks selling left-handed golf clubs. 

Within 5 minutes, I called our insurance company and had made an appointment at our local garage who ordered the glass and assigned us a rental vehicle. I can proudly say I am an insurance geek!  I know the claims phone number off the top of my head and have a relationship with a local shop who took us right away – all part of my incident response plan! Moreover, I also know our car policy inside out and know we have $500 deductible for this type of incident. By the time you read this article, I expect that this matter will be behind us, costing us approximately $1000, all thanks to the insurance policy we have in place and my ability to navigate through this incident quickly. It paid to be prepared.

Cyber insurance – a cost of doing business

The estimated worldwide auto-theft rate is 85.3 per 100,000 residents, which equates to 5,066,600 stolen vehicles annually. In comparison, 30,000 websites were hacked daily in 2021. Let’s do the math: that’s almost 10,950,000 hacks a year! The odds of going through a cyber breach are against us. 

As a business owner, my most valuable assets include intellectual property, employee and client information. The impact that a cyber breach or a denial of service attack could have on my business (and my life for that matter) far exceeds the impact, or disruption, caused by a broken car window and stolen golf clubs (or a stolen vehicle for that matter). Yet, being an emerging product, Cyber Insurance is a coverage that most small businesses haven’t purchased. We haven’t accepted that Cyber insurance, much like auto and general liability coverage, is an indispensable expenditure for doing business in the internet era.  

Are you considering buying this coverage? If not, perhaps you should be. Here are my thoughts on what to do and what questions to ask as you work through the process.

When buying cyber insurance

Cyber Insurance is a relatively new insurance product and there is a lack of standardization in terminology. As a result, understanding what is covered and what isn’t covered under a cyber policy can be a challenge.

As with any other insurance policy, begin by thinking about your exposures (your risks).

For example: 

    1. What confidential information do you hold and what would be the impact of someone getting their hands on that information?
    2. Do you hold personally identifiable data? How many individuals would you need to notify if their information was breached? Where are these individuals located (i.e., locally or abroad)?
    3. Do you hold third-party confidential data pertaining to other companies under confidentiality agreements?
    4. Are there other businesses or individuals that rely on your systems to generate income?
    5. Do you depend on your systems or network to generate revenue? 
    6. How quickly could you recover from a breach and start operating again? Do you have backup systems? Are these backup systems tested regularly?
    7. Do you back up your data and test those backups regularly? 
    8. Do you have a website or social media accounts such as Facebook, Twitter or Instagram? 
    9. What is your exposure to wire transfer fraud? I.e., How often and how much money are you transferring and who has the authority to execute transfers? 
    10. Do you have immediate access to cryptocurrency to pay a ransom demand if your systems were held hostage? 

Now, make a list of the exposures that you have and derive a list of scenarios that would impact your operations.

Next, ask how the policy you’re purchasing would respond in those scenarios. Here are the questions I recommend asking when buying a cyber insurance policy.

10 questions to ask when buying cyber insurance

  1. What is the experience of the insurance company with cyber Insurance and their track record for paying claims?   
  2. Is there a 24/7, 1-800 number dedicated to Cyber claims?
  3. What loss prevention services does the policy include? 
  4. Does the insurance company have a dedicated claims team for cyber claims and where is that team located? Who are the vendors who will be dealing with the claim in the event of a loss? 
  5. Will the insurance respond to a cryptocurrency ransom demand?
  6. Does the policy include coverage for Social Engineering Fraud?
  7. Will the policy respond to re-create data? (and not just restore it?)
  8. When it comes to business interruption coverage, to what extent will the policy respond? And when will coverage cease? Is there any coverage for reputational damage? 
  9. Will the policy respond to an unknown breach that occurred prior to buying coverage? If so, to what extent? 
  10. What are the limits of insurance for each coverage? Are these separate, shared, or aggregate limits?

Cyber insurance policies in general are similar, including Third-Party and First-Party coverages. However, insurance company experience in cyber insurance and the way they respond to a breach can vary greatly making the above questions all the more important for your purchase decision. 

If you’d like to learn more about cyber insurance, read this article: What is cyber insurance?

Sign up for Cyber Insurance 101
Cyber Insurance
Best Seller
1.5 Hours

Cyber Insurance 101

Take the course! Learn the fundamentals of Cyber Insurance. Discover how and why privacy and security breaches create exposures for companies and what coverage is available.
This is default text for notification bar