Insurance: Cyber coverage: more than just an insurance policy

By Jeff Forbes
Jeff_Forbes.jpg

More and more companies are purchasing cyber insurance as the risks to companies’ businesses from the breach of their networks expand. And more companies are requiring that their vendors and contractors obtain cyber insurance to protect themselves from breaches caused by third parties. As the cyber insurance marketplace grows, it’s important for companies to know what they get with their cyber insurance policies to maximize the advantage of their purchase.

As one example, many cyber companies provide pre-loss services as part of their cyber insurance policy. The purpose of these services is to help companies find areas of potential vulnerability and fix those vulnerabilities before they cause a breach. It’s a good investment for the insurance company because these services can drastically reduce the possibility that they will have to pay out on a claim.

The exact nature of pre-loss services will vary by cyber insurance carrier. Many offer cyber risk assessments and reviews. For example, they might offer to review and validate your incident response plan. A lot of them offer phishing simulations to catch employees who are too lax with email security. Others will offer a consultation with a cybersecurity expert to address areas of weakness.

Many insurance companies also offer protective software to customers as part of their cyber insurance policies. This can include up-to-date antivirus software and malware detection programs. It may also include programs to help protect your network from distributed denial of service attacks (DDoSs). 

Additionally, almost all cyber insurance policies come with a host of online education tools businesses can use to train themselves and their staff on better cybersecurity practices. As many breaches are the result of human error rather than technological vulnerability, engaging with these education tools is a vital way to help prevent carelessness from costing your company through a breach.

Still, many companies do not engage with the pre-loss services offered as part of their cyber insurance policy. This may be due to lack of awareness of the offerings available. It may also be due to lack of time or staff to fully engage with the tools. But the failure to prioritize cybersecurity can be incredibly costly in today’s world, and it is more than worthwhile to take the time to learn about the services provided as part of your cyber insurance policy.

Ultimately, these tools are being provided because prevention is cheaper than fixing a breach after it happens. Companies will find it more than worth their while to engage with the pre-loss services offered as part of their cyber policies.

Jeff Forbes is a blog contributor specializing in risk, legislation, regulations and casualty topics for ECBM Insurance Brokers and Consultants, headquartered in Media, Pennsylvania. He can be reached at jforbes@ecbm.com.