Article April 1, 2021

How to choose a cyber insurance provider

With cyber policy language becoming more standardised, how can you tell the strongest cyber policies from the weakest ones?

Today’s cyber insurance products go beyond words on paper… or at least, they should. From the claims service on offer to the breadth of data they hold, there are several things beyond policy language alone that brokers and clients should be looking for when choosing a cyber insurance market.

But what questions should you be asking? CFC’s Lindsey Nelson held a webinar on the subject and below are her top three suggestions on what to look for in a provider. But make sure to listen to the whole webinar recording if you missed it first time around!




  1. Do you have an in-house cyber claims team?

One of the biggest reasons that this is important is that the goals of in-house cyber claims teams are naturally aligned with their policyholders – for everyone involved, it is in their best interest to get any cyber incidents under control quickly and efficiently in order to minimise business impact and the size of the loss.

Even better, when an in-house cyber claims team is in place AND operates at scale, it means that patterns emerge. This gives this team unique insight into cyber attack trends in real time, allowing them to learn important information from current claims and improve services for future incidents.

Finally, having an in-house team rather than outsourcing all functions means that clients have a single point of contact throughout what can be a stressful time. Having a project manager on hand to handle all of the stakeholders ultimately reduces confusion and wasted time, money, and energy.


  2. What does your sanctions process look like on behalf of clients?

Ransomware losses are at the forefront of every cyber insurer’s mind right now, and one of the major questions around cyber insurance is whether or not the ransoms should be paid. The short answer is that it’s not simple. That’s why it’s important that a cyber insurer has an objective and transparent process for the steps they take with respect to sanctions before they advise clients on what to do in the event of a ransomware attack.

Given how serious it is if sanctions checks are not considered, you should expect a well-informed response from your cyber insurer on what their process is. After all, paying a sanctioned entity can land clients in serious hot water with global regulatory authorities.

  3. Do you have meaningful claims data?

Another way to ask this is: “How long have you been providing cyber insurance and do you have a broad appetite?” The answer should be, “Many years and yes.”

It is vitally important that the cyber market you place your insurance with is established and has experience dealing with a high volume and variety of cyber claims types. Not only can this data be used to tell what’s causing attacks, for what industries, and what security helps, but it makes it clear that the provider is a long-term partner who has made the investments needed in order to manage this quickly changing landscape. A healthy claims data repository can be used to proactively prevent future claims and costly headaches for businesses across the board.

For example, CFC’s cyber claims team was recently made aware of a major vulnerability with Microsoft Exchange, in which we detected that several policyholders were at risk of being attacked. Multiple departments at CFC – from threat intelligence to underwriting – worked together to proactively reach out to policyholders, many through our mobile app, and help them patch vulnerable systems. 


To hear Lindsey Nelson discuss these important questions in more detail, make sure to listen to the webinar recording today.


Want to learn more about CFC’s cyber policy? Visit our product page or check out our other great cyber-related resources.