Cyber policies are changing almost as fast as the crimes they’re trying to protect. As technology quickly evolves - and new cyber breaches and scare tactics surface - carriers are innovating how they underwrite policies and what coverage features they offer to get an edge on the competitive market.

This is good for the insurance purchaser - assuming you know what to look for.

The most significant innovation is how top cyber carriers are underwriting policies. Instead of using a business’ past cyber profile to determine future risk, insurers are collecting real-time cyber data on their prospective insureds.

Another way cyber carriers are differentiating themselves is through coverage features. Since there’s no standard for cyber insurance, the options are as vast as the many insurers now joining the cyber insurance marketplace. Here’s a list of some cyber policy features you might want to consider, and what questions to ask to make sure you’re adequately covered:

  1. Accidents. Just a few years ago, cyber coverage was only triggered by a breach and actual attack. Today, businesses need to be insured for accidents, too. A network power outage caused by an accident is also a real risk that is insurable.
  2. Business Interruption. While cyber policies focus on inadvertent disclosure of private information of employees, customers, or patients, there is a real risk to businesses when an attack results in a company’s IT systems being completely or even partially inoperable. If well designed and negotiated, a cyber policy will also include business interruption coverage that will be triggered after a few hours if your company IT system is not usable post breach.
  3. Regulatory fines and emerging privacy laws. Some insurers are beginning to provide cyber coverage for regulatory investigations. Ask about coverage for claims arising under the EU’s new GDPR law, the UK’s DPA, as well as upcoming regulatory changes in Canada and California.
  4. Crime coverage. Cyber risks including phishing and social engineering (impersonation of an employee, vendor or client) may be covered under both crime and cyber policies. Businesses must have a crime policy that dovetails with their cyber policy to cover these scenarios and fill in coverage gaps.
  5. Risk management prevention. HUB International and insurance carriers are offering risk management services. These features can include: assistance with developing a business continuity plan, cyber attack prevention policies and procedures, and cyber breach training.
  6. Incident response services. Insurance carriers offer the following post-breach services: a privacy attorney to help navigate the breach response; IT forensic investigation to uncover just what happened and how; notification compliance for state, federal and international law requirements; and a PR firm to help safeguard the business’ reputation.

While many insurance carriers say they provide cyber coverage these days, a savvy broker will investigate the experience of the carrier in that space, their technology know how, their financial stability and dedication to this specialized area. The essential feature of any insurance program is the reliability of the insurer in the long run, for example when a claim occurs.

Contact your HUB cyber specialist to find out if you’re adequately covered for a cyber breach, business interruption and cyber crimes and what features can be added for better protection in this critical area of your business.