Businesses can operate under a false sense of security when it comes to the cyber threat landscape, only to discover critical gaps in their policies when disaster strikes. Every business benefits from cyber insurance, yet insurers offer varying levels of coverage, so it’s crucial to assess the adequacy of your cyber liability policy. That’s why today we’re exploring the 5 steps to help you determine whether your business is truly protected.
1. Review proactive services and incident response support
Policies, on the surface, can look fairly similar these days, so be sure to look at the cyber services on offer within the policy. Proactive services and incident response support make a huge difference in preventing cyber attacks in the first place and, if one does occur, in how fast a company recovers—or whether it recovers at all. So, look for an insurer that offers both preventative and responsive services, and evaluate whether they’re in-house and what countries they’re located in, how fast their response times are, and the depth of support and expertise they can provide.
Having experts on hand to guide you through the restoration process can dramatically reduce the impact of a cyber attack. Just make sure the incident response team assigned to your company has experience in your specific industry, and understands the unique challenges your business faces.
At CFC, our proactive cyber services are designed to help businesses avoid the disruption and cost of cyber incidents. By leveraging real-time claims data, vulnerability scanning, threat intelligence and threat hunting, we work to identify and mitigate risks before they can be exploited. This helps to prevent cyber incidents for our policyholders, meaning less stress and lower costs.
Through our CFC Response app, policyholders have a direct line to cyber security expertise whenever they need it. Be it advice on strengthening defenses or taking immediate action to prevent an attack, policyholders gain an expert partner in navigating today’s complex cyber landscape. For businesses without dedicated cyber security teams, this level of support can be truly transformative.
These services kick in the moment a policy is bound and run 24/7 to provide round-the-clock protection. Most importantly, they’re included in every CFC cyber policy at no extra charge. Considering the cost of dealing with just one cyber incident can far exceed the price of a premium, access to proactive cyber security is truly a game changer.
2. Evaluate your coverage limits
A good thing to consider when reviewing policies is whether the financial limits of your cyber insurance are high enough. With the growing cost of incidents like data breaches and ransomware, businesses need to review whether their coverage is adequate for worst-case scenarios.
Aligning coverage limits with your company’s size and risk profile is essential—for example, a small business with limited customer data will have vastly different needs from a large eCommerce platform. If you don’t understand what your policy covers, you may find out the ramifications too late. Say your policy limit stands at $100,000 but a data breach sets you back $500,000—you’ll come out of the attack drastically out of pocket. Instead of an aggregate limit, the best policies offer unlimited reinstatements, whereby the policy limit is reset for unrelated cyber events in the same period.
With a CFC cyber policy, if an initial cyber claim exhausts the full policy limit and the business then needs to make a second, unrelated claim, they’ll receive a new reinstated limit. This allows for multiple limits, at the cost of a single premium payment. Not only does this represent better value for money, but it offers vital, long-term protection throughout the lifespan of the policy—ensuring the business can operate with peace of mind, even after suffering a cyber attack, knowing that their cyber policy will respond to its full capacity if another, unrelated cyber attack hits.
Find out more on unlimited reinstatements in our article explaining exactly how it all works.
3. Understand your policy exclusions
Cyber insurance policies often have exclusions, certain events or conditions they won’t cover. It’s vital to identify these to avoid further nasty surprises in the wake of an attack. Common exclusions include regulatory fines and certain types of phishing. Another is insider threats—for example, a standard policy might not cover losses from an employee stealing data. Consider the 2019 case of an IT manager at a British media company defrauding the business of hundreds of thousands of pounds and selling company equipment online. This highlights the risks of not addressing insider threats, despite such incidents potentially leading to loss, fines, and intellectual property theft.
At CFC, we try to remove as many exclusions as we can across all our policies—our recent Cyber Proactive Response product removed 6 exclusions from its wording! Plus, our cyber policy has no warranties or conditions that require you to have certain cyber security measures in place when you make a claim. This helps give insureds peace of mind that if they suffer an attack, we’ll be there to support them.
As always with any important purchase, read the policy small print, and find an insurer that offers the most comprehensive protection.
If you’re new to cyber, it’s worth finding out more about what cyber insurance actually covers. And check out CFC’s handy guide to what to look for in your cyber insurance policy.
4. Match your coverage to cyber risk exposure
The level of cyber risk varies widely depending on a business’s industry and operations, so it’s important to evaluate whether your current policy really reflects the risks your company faces. Many businesses, especially small businesses, assume they are covered without fully understanding their actual risk exposure.
- 43% of cyber attacks are aimed at small businesses precisely because they have less cyber security in place
- Only 14% of small business owners feel adequately prepared to defend themselves
- 60% of small businesses go bust within 6 months of an attack
Two case studies by Delinea illustrate how companies can end up underinsured if their policies don’t reflect their evolving risks:
- A national retailer, experiencing rapid growth and expanding its network of third-party vendors for manufacturing, distribution, marketing, and IT support, discovered its existing cyber insurance policy didn’t account for its newly amplified risks. Its increased reliance on external partners broadened its attack surface, making the business more vulnerable to data breaches and supply chain attacks. This case highlights the importance of regular cyber risk assessment as operations scale and evolve, ensuring coverage aligns with the present threat landscape.
- An equipment leasing company transitioning operations from on-premise servers to cloud-based infrastructure found its existing policy didn’t adequately cover the specific risks associated with cloud environments, especially ransomware attacks. Storing sensitive financial and personal data on 25 cloud servers exacerbated its exposure. The business learned its policy had limitations on ransomware coverage in cloud environments. This emphasizes the need for a policy to be tailored to the nuances of cloud security, and the importance of implementing robust privileged access management and multifactor authentication.
To see what your business exposures are, see our industry cyber risk heat map.
What’s more, new attack vectors and techniques are constantly emerging. To stay ahead, always go with a cyber insurance provider that offers comprehensive protection from threats. Coverage for a variety of cybercrime risks, including ransomware, invoice fraud, and social engineering scams, is vital for staying ahead of today’s threat actors. This way, when an incident does arise, rather than worrying about whether your cyber insurance covers a certain threat or scenario, you can focus on your business, safe in the knowledge your insurer is always on hand for support.
If you’re thinking of adding a cyber extension to existing policies, going with a standalone cyber liability policy offers the broadest protection against today’s cyber threats. Most packaged commercial insurance policies offer only limited cyber coverage, with many going as far as to exclude cyber-related events altogether. A standalone policy provides greater coverage and broader protection, including access to expert resources for compliance, legal fees, customer notifications, and system restoration.
5. Account for business interruption
When your company experiences a cyber attack, the cost isn’t just in the recovery—downtime can be extremely expensive, too. Business interruption coverage is a key part of many cyber policies, but is it enough to cover the losses your organization could face? Consider the case of the accountancy firm whose operations were paralyzed and its digital assets compromised by a cybercriminal who had gained a high level of access. The firm was facing a total recovery cost of over £1.2 million, which included business interruption loss—but thanks to its cyber insurance policy with CFC, all costs were covered.
Business interruption losses can be especially damaging in certain sectors, such as construction, in which cybercrime like funds transfer fraud is especially impactful. These sectors in particular should pay close attention to the length of potential downtime and the knock-on effects, like reputational damage and loss of customer trust, which often have long-term financial consequences.
Stay ahead of cyber threats—fortify your defenses with the right policy
Cyber insurance policies can be complex when you consider all the nuances in cover that are involved. But with cyber threats changing constantly, and businesses’ cyber exposure evolving with them, it’s always best to go with comprehensive insurance. For the best cover, you don’t need to deliberate between clauses, trying to forecast how your business will be impacted. Instead, you can rest assured you’ll have the support and coverage you need if—and when—an incident strikes.
Check out CFC’s Cyber hub to stay ahead in the rapidly evolving world of cyber liability insurance. For anything else, you can get in touch with our underwriters, or reach out to our expert team at cybermarketing@cfc.com.