10 questions to ask your insurance broker about Cyber Insurance
Does this cyber insurance policy cover both first party and third party risks?
First party risks are risks that your business faces in the event of a cyber attack (eg. loss of your data, damage to your equipment, having to extract viruses). Third party risks are risks to your customers that result from a cyber attack on your business (eg. breach of their data or a virus entering their network from an email that your business has sent them).
Does this cyber insurance policy cover attacks on our critical suppliers?
When a supplier to your business experiences a cyber attack your business may be significantly impacted.
What coverage is included for cyber-related business interruption?
If your business is unable to trade, or has increased costs of doing business during a breach you may be entitled to make a claim against your cyber insurance policy. This may be as a result of a DDoS (distributed denial of service) attack, a hacking or a malicious insider event.
What coverage is included for our cloud-based infrastructure?
If your business relies on cloud computing or cloud-based data storage then you are susceptible to any interruption in service by that third party provider. Check your contract with your cloud-based provider to determine if they have limited their liability. Ask about Contingent Business Interruption, which is designed to provide cover for this scenario.
We only use the internet for business processes, not for business delivery, do we still need cyber insurance?
Cyber insurance is relevant for any business that conducts some or part of their business activities online. This includes external service delivery, as well as internal and external communications, or the storage of any customer or business data
What is the claim process when a cyber incident occurs?
Some insurers will offer around the clock support over the phone. Some insurers have an app that you can use to make a claim. Cyber breaches may happen at any time of the day or night. Ask your insurance broker what happens next following a cyber event.
Can I select my own provider to rectify the issues in the case of a cyber incident?
Some insurers will specify who is able to provide help to you when you need it. Other policies will allow you to select your own provider.
What can I do to reduce my cyber insurance premium?
Reducing your risk is a key way to reduce the cost of your premium. This may include tightening your security practice around data storage, performing regular data backups, installing security software such as anti-virus and email filtering, keeping your hardware, network and software up to date and having an employee education program.
When am I protected by my cyber insurance policy?
Cyber insurance policies will include waiting periods (when does my cover start?) and indemnity periods (for how long will I be covered following an incident?). Some policies will cover undiscovered incidents that occurred before cover was taken out, and others will not. It is important to be clear about the timeline of the protection afforded by your cyber insurance policy.
Last but not least, one of the most important questions to ask about any insurance policy.
What are the exclusions of my cyber insurance policy?
When taking out any insurance policy it is critical to ask what is excluded. This is the same for a cyber insurance policy.