- Commercial general liability (CGL) coverage is no longer enough, as it typically has insufficient cyber coverage.
- Business owners should look at the policy coverage with respect to data protection and privacy risks, both for third-party claims and first-party mitigation costs. Cyber insurance policies vary quite a bit, with no real standard in the industry. Policies usually include some combination of first-party and third-party coverages. A business owner who is unsure about which is more important should consult with a cyber insurance expert.
- Coverage needs to provide protection for cyber extortion threats and other breach-related liabilities, including regulatory penalties and liabilities arising from GDPR and merchant services agreements.
- Renewing coverage during the contract period is critical, as most cyber coverage is written as “claims made” coverage and will only cover claims made during the policy period.
- Proper preventative measures should be embedded in every company's operations, with cyber insurance as the backup. The measures should cover how sensitive data is handled, encryption, password management and controlling access to information. Some policies include resources to help business owners manage this process, which is something to consider when speaking with a cyber insurance expert.
- Both parties should consider documenting specific preventative measures in a contract. This ensures that everyone is in alignment and understands the expectations for risk avoidance.
- Often, certificates of insurance are all that is required as documentation in the contract. Consider including a full copy of your cyber insurance policy with the contract to prevent misunderstandings should a breach occur.
Tips for SMBs Buying Cyber Insurance
Bad news: Commercial general liability coverage no longer has sufficient cyber coverage. Good news: Cyber policy costs have plunged.