Article January 10, 2019

FTC publishes guidelines for businesses considering cyber insurance

The Federal Trade Commission (FTC), an American body focusing on consumer protection, recently espoused the benefits of cyber insurance and published guidelines on what small businesses, in particular, should look out for when looking for a suitable policy.

Recognizing that cyber insurance is a valuable risk management tool but that policies can vary widely, the FTC’s list of important coverage points that they think customers should look for in a cyber insurance policy. These include:

  • Access to a 24/7 breach hotline;
  • Incident response costs, such as computer forensic services, legal counsel and customer notification and call centre services;
  • The cost of recovering or replacing lost or stolen data;
  • Income loss due to business interruption following a cyber incident;
  • Cyber extortion and fraud;
  • Third party coverage, such as payments to consumers affected by a breach, litigation costs, and losses related to defamation and intellectual property rights infringement.


The guidelines provide a good starting point for those businesses that are looking to buy a cyber insurance policy, and the good news is that CFC’s award-winning cyber policy fulfills them all.

However, we think it’s important to note some coverage areas that are particularly worthy of attention:

  1. Access to incident response support is absolutely vital for smaller businesses that typically won’t have support in-house. A good policy will generally pick up all of the costs involved in responding to a cyber incident in real time, including IT security and forensic specialist support, gaining legal advice in relation to breaches of data security, and the cost associated with having to notify any individuals that have had their data stolen. One of the most important aspects of a cyber policy is that it provides access to the right specialists as well as paying for their services.
  2. The importance of cover for the electronic theft of funds is becoming increasingly apparent, especially for small businesses. This area alone was responsible for 26% of CFC’s cyber claims by volume in 2018. These common scams are an incredibly quick way for businesses to lose tens, and even hundreds, of thousands in just a few minutes, so brokers and their clients should be on the lookout for affirmative cover for this.
  3. Similarly, cyber business interruption is now a major risk for most businesses. We’ve seen a consistent increase in the number of cyber business interruption losses year-on-year for the past five years, but there is a lack of standardisation around business interruption in policy wordings, with a wide range of different approaches being adopted by insurers. Our latest policy contains market-leading business interruption that can be triggered by both cyber events and system downtime, and covers the full supply chain.

The FTC is right to point out the value of cyber insurance for businesses. In many cases, it is one of the only ways to ensure a business’ survival of a severe cyber event, now evermore common. Today, there are a wealth of options to buyers considering this important cover. The FTC’s guidelines are a good place to start when trying to find a well-rounded policy, and we’re proud that CFC’s policy fulfills these and more.

Further resources: