As the frequency of cyber threats continues to increase, so does the need for cyber risk management. With constant diligence and cooperation within institutions, losses incurred through data breaches and cyber events can be minimized.
Joshua Gold, Esq., chair of Anderson Kill Cyber Insurance Recovery Practice, shared that cyber risk management is a process and not an absolute solution. The following is a brief summary of strategies for navigating the fine print in cyber insurance plans:
- Involve various departments in the insurance application process—particularly IT—to ensure an accurate representation of the institution’s cyber exposure.
- Set retroactive dates as far in the past as possible. Hackers could have infiltrated your system months before they are detected.
- Look for a clear policy structure; work alongside an insurance broker.
- Ensure there are no gaps in the coverage and that there’s symmetry with other insurance plans at your institution.
- Negotiate endorsements for special coverage needs pertaining to cloud providers, third-party vendors, and other data outside of the network or premises.
- Get coverage built in for PCI issues and card brand fines and penalties.
- Look out for sub-limits; they can sometimes be negotiated. Make sure they are robust enough and include voluntary parting of funds, social engineering, and cyber extortion.
- Beware of exclusions for breach of contract, unencrypted mobile devices, and conduct.
- Beware of conditions on reasonable cybersecurity measures in light of the ever-changing nature of cyber threats.
- Negotiate coverage for business interruption, property damage, and reputation damage.
- Beware of war risk exclusions.