Content

Cracking the cyber liability code leads to better insurance coverage

The cyber insurance market continues to evolve and mature with coverage enhancements, along with an abundance of carriers. With so many carriers entering the market, it’s more important than ever for companies to take their time and read the fine print.

In their session Tuesday at InfoSec World 2020, "Cracking the Cyber Liability Code," two representatives from RLI Insurance, Sean Scranton, RLI’s cyber liability national practice leader, and Shelly Thomas, a senior underwriter for cyber liability, discussed all the different choices and questions companies should ask.

Scranton and Thomas laid out the characteristics of many of these policies, saying insurers love data, but it’s not always easy for customer to find because each insurer considers it proprietary. Customers also need to understand that cyber insurance is not like auto or home policies where there’s typically standard language. Cyber policies are continuously evolving with the market and regulatory changes. Even basic definition vary and for the larger companies programs are individually crafted by brokers. It’s also possible that cyber-like coverage exists in other polices, such as building and personal property plans, business income and extra expense coverage, business owner’s policy and commercial crime coverage.

While it’s somewhat confusing, Scranton and Thomas did outline the basics of what customers should look for in cyber coverage:

Business and network interruption: An interruption due to malware, employee error, security intrusion or DDoS; covers loss of profits and extra expense.

Data loss coverage: Restore or recreate data lost or corrupted from malware, employee error, security intrusion or lost device.

Cyber extortion: Covers ransomware, threat of virus, DDoS, or destruction of data.

Crisis management: Incident response, forensics, public relations costs, credit monitoring and breach coach.

Regulatory fines and penalties: Fines or penalties levied because of non-compliance with regs such as PCI or HITECH.

Businesses should also look for policies with other additional services. These include assistance with incident response, both pre- and post-breach, external resources for post-breach activities, training modules for employees, and access to a breach coach and to legal counsel. Look for brokers with expertise who can properly guide you and aren’t just looking to sell a policy.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.