Cyber coverage can be a wide subject so when looking for coverage’s it’s good to have some available coverage’s in mind. Four basic coverage’s are Errors and Omissions, Media Liability, Network Security, and Privacy.
Briefly, Errors and Omissions also known as E&O covers claims resulting from an error in the performance of your services. The services can include technological as well as more traditional professional services like lawyers and doctors.
Media liability covers broad areas like defamation, invasion of privacy, infringement of copyright, and plagiarism.
Network security or Data Breach is a big one in Cyber Insurance. Businesses usually keep important documents like customer/patient records such as medical histories, credit cards, bank account numbers, and social security numbers. These pieces of information are important to protecting an individual’s identity. An example of how network security can happen is if you are holding patent applications for a client and the information is stolen.
Lastly, privacy doesn’t have to involve a network failure. It is a breach of physical records which can happen in many ways. Files tossed in a dumpster rather than properly shredded and disposed can be a hazard. Human errors also occurs in daily life. Losing technology is costly, especially when it’s a laptop, iPhone, or other important data carrying device. Having passwords that are hard to crack can also help when misplacing important devices. Sending information to the wrong email address and forgetting to delete important customer records on a device that is getting tossed away or sold are ways human errors have or can occur.
All insurers use different terminology for cyber coverage; some subdivide the four components above even further, which means that cyber policies can be very difficult to read and compare.
Losses connected to cyber liability include breaches causing identity theft, network security, and more. The coverage’s can be tailored to your business type such as small business or type of industry for a better precise coverage.
Important Questions to consider when making your Policy:
- What security controls can you put into place that will reduce the premium?
- Will you have to undertake a security risk review of some sort?
- What is expected of you to reduce or limit the risks?
- Will you get a reduction for each year you do not claim?
- What assistance is provided to improve information governance and information security?
- What and how big a difference to your future premiums will a claim make?
- What support if any will be provided to assist in making the right security decisions for the industry / business you are in?
- The security / protection industry is very fast changing, how can the insurance ensure that your policy is current?
- Do all portable media/computing devices need to be encrypted?
- What about unencrypted media in the care or control of your third-party processors?
- Are malicious acts by employees covered?
- Will you have to provide evidence of compliance to existing Data Protection Principles, in relation to your actual processing, to prove you were not acting disproportionately?
- Although ignorance of the law is no excuse, we are just not able to keep up with all the compliance issues that may affect all the territories our company works in, would you refuse a claim if you were processing data that may contravene laws in one country but not another – because insurance policies often stipulate that you must not be breaking the law?
- What if there is uncertainty around whether the incident took place a day before the cover was in place or on the day?
- Are the limits for expenses grouped together in a way that the maximum limit that is covered is likely to be achieved very quickly, unless you increase the cover?
- Are all and any court attendances to defend claims from others covered?
- Could you claim if you were not able to detect an intrusion until several months or years have elapsed, so you are outside the period of the cover, (as with the Red October malware which was discovered after about five years)?