In today’s connected business climate, cyber-attacks are no longer a question of if, but when. More and more, we’re seeing people reach out to discuss their options when it comes to securing cyber liability insurance – from adding personal cyber liability to an existing homeowners policy to a robust commercial cyber liability plan.
“One in five businesses have been affected by a cyber-attack or data breach in the last two years”, says Lisa Butler, Commercial Service Manager with Wedgwood Insurance. “The sad reality is that the most common causes of a hack stem from a lack of employee training and honest mistakes. People don’t mean to click on a malicious link, but they do, and then what? The damage is done.”, says Butler.
All insurance coverage begins with an application, and cyber liability insurance is no exception. Cyber liability insurance does not have a streamlined underwriting process like other established insurance lines do. Currently, cyber insurance application forms are not standard and can be labor intensive, often containing many pages.
As the old saying goes, “If you fail to plan, you are planning to fail.” and this holds true for applying for cyber insurance. For companies looking to purchase cyber insurance, the application procedure itself can be challenging. However, suitable cyber liability insurance continues to be an essential risk-transfer instrument for businesses of all sizes. It is crucial to be ready for the application process itself if you want to guarantee that your firm will have the appropriate amount of insurance when it counts.
What Type of Information is Reviewed?
An underwriter’s job is to assess risk and determine limits and pricing. Insurers depend on the detail contained in an organization’s application, and any vagueness or incorrect information can create issues if and when you file a claim. In order to properly determine your organization’s cyber risks, insurers will review information related to the following:
- The basics. Insurers will want to know what industry your organization operates in, as well as how much and what types of information your organization stores, processes and transmits. In addition, underwriters will look to see how you manage data security and who is in charge of overseeing cyber-related matters.
- Information security. When it comes to on-site security, underwriters want to know if you have a formal program in place to test and audit security controls. In addition, underwriters typically look to see if you have basic controls in place, including firewall technology, anti-virus software, and intrusion detection software.
- Breach history. During the application process, underwriters will take a closer look at your breach history. In general, they want to know if the data you house is particularly vulnerable and how effective your data security techniques are.
- Data backup. Knowing how your organization handles data backup helps insurers better understand your level of data loss risk. Underwriters will want to know if you back up all of your valuable data on a regular basis, if you utilize a redundant network and if you have a disaster recovery plan in place.
- Company policies and procedures. Communication is important when it comes to reducing your organization’s cyber risk. That’s why, during the underwriting process, insurers want to know what types of cyber security and incident response policies you have in place. In addition, it’s likely you will be asked how you handle password updates, the use of personal devices and revoking network access to former employees.
- Compliance with legal and industry standards. Failing to comply with cyber-related legislation can be incredibly costly, and insurers will want to know how you handle compliance. Specifically, they will review whether you are compliant with applicable regulatory frameworks, are a member of any outside security or privacy groups, or utilize out-of-date software and hardware.
The more detailed and specific an organization can be during an initial underwriter review, the more likely it is that the organization will receive the proper amount of coverage and good terms.
Tips for Applying for Cyber Insurance
For cyber coverage to be effective, it requires a high level of due diligence on the part of prospective policyholders. To get the most out of your policy, you will want to consider the following best practices when applying for cyber insurance:
- Gather accurate data. Before the application process, it’s critical to speak with your information technology (IT) management team and any vendors you utilize in order to collect accurate data. It’s important to quantify the data on your network. Above all, get a solid estimate on how much personally identifiable information you have, including employee data.
- Be honest. To complete the application process properly and get the best possible policy, honesty is important. When working with your insurer, be clear about your organizational setup, security protocols, and breach history. Not only will this help in securing adequate coverage, but it will also reduce the risk of your policy being voided if carriers find out you were dishonest during the underwriting process.
- Don’t wait. Even if your organization hasn’t taken the appropriate steps to reduce its cyber risk, going through the cyber insurance application process can help identify exposures. Your insurer can work with you to get the best coverage possible today, leaving room to negotiate down the line when your data security methods are stronger.
- Involve the right people. The application process for cyber insurance can be complicated, and it’s important to have key personnel help you. In order to complete a cyber liability insurance application, an organization may need to work with their risk managers, IT professionals, HR department, financial officers, board of directors, executives, privacy officers, marketing team, and legal professionals.
- Work with experienced brokers. Because cyber insurance is relatively new, some brokers are more experienced in the underwriting process than others. To get the most out of your policy, work with a carrier who can accurately assess your exposures and offer your organization the best protection. More experienced brokers can even provide details on how similar companies in your industry handle cyber security.
Taking all the above into account will not only prepare you for the cyber insurance underwriting process but can also improve data security upfront.
Don’t Go in Unprepared
The application process for cyber insurance is both detailed and extensive. However, taking the proper steps before the application process for cyber insurance should reduce your data breach risk, making your organization more attractive to insurers and reducing your insurance costs overall.
When applying for cyber insurance, be sure to scrutinize policy terms, premiums, and underwriting programs. Doing so can put you in a better position to secure the right coverage. For assistance applying for cyber liability insurance, contact Wedgwood Insurance Limited today. Butler goes on to say, “It’s not a question of if, but when. A data breach can result from a simple mistake. Can your business afford it?”
“When we make a cyber liability submission for our clients, we leave no stone unturned. We gather all the details. We go the extra mile. We paint the whole picture, so when it hits an underwriter’s desk they know they have a quality submission in their hands.”, says Butler.
Expert Advice from Wedgwood Insurance
We’ve seen Facebook scams before and we’re here to provide guidance for cyber liability protection. There’s more to insurance than the price of the policy and Wedgwood goes above and beyond for our clients with expert advice you can trust. But don’t take our word for it – there’s a reason we’re Newfoundland & Labrador’s most trusted insurance broker.
With over 220 Google My Business reviews, come experience the Wedgwood difference with expert advice from our dedicated team. We work to ensure that every client has the coverage that best suits their needs through upfront complimentary consultations and midterm reviews.