5 ‘Must Haves’ in your cyber insurance policy

More and more businesses are buying cyber insurance to protect themselves from the cost of cyber threats and attacks.

If you already have cyber insurance or are looking to buy it for the first time, make sure that your policy has these 5 ‘Must Haves’:

1. Emergency Response

Beyond compensating you for the economic cost of a data breach, it's extremely important that you get the help you need, when you need it. 

Cyber insurance absolutely must incorporate a high quality Emergency Breach Response solution that provides you with 24/7 support. 

In an age where news spreads at viral pace, it's imperative you have a cross-functional team, experienced with data breaches to guide you and help you communicate precisely with customers, staff, suppliers and regulators. 

Edmund’s unique Emergency Response solution is powered by KPMG. It's one of the few solutions available in Australia that provide a single solution to cyber insurance customers. No paid project managers; you deal directly with IT, legal and PR professionals. 

2. Service Provider Cover

Your cyber insurance needs to protect your business if you are attacked, but what happens if one of your service providers is attacked and it affects your business? 

Today, most business technology is heavily reliant on third parties. Think about the number of third party software providers you use in you everyday operations.

Your cyber insurance policy must include “Service Provider” cover, so if they're hacked; you're covered. 

3. Cover for the Breach Detection Lag

IBM says the average time between when a breach occurs to when it is identified is 197 days.

If you have a breach but aren't aware of it, buy a cyber insurance policy and then discover the breach afterwards, some Insurers won’t cover your loss!

Edmund does, provided the breach occurred in the 12 month prior to buying your policy. Here's a more detailed explanation about how it works.

4. No Encryption Exclusions

Do you know what sort of Encryption you use and when? 

Some cyber insurers impose onerous encryption exclusions, which can trip businesses up at claim time.

This is because encryption software solutions are not necessarily enabled by default, may require a special driver for installation or be unavailable on some devices. Consequently, some businesses may unknowingly hold unencrypted data, in which case their cyber insurance claim may not be paid.

5. Short Waiting Periods

Cyber insurance policies have a Waiting Period for Business Interruption (Loss of Profit) Cover.

 The Waiting Period is the time that must elapse between when a breach is first discovered and the Business Interruption claim calculation can commence.

 Be aware that some insurers impose very long Waiting Periods (in cases we've seen 120 and 168 hours!!).

Given that the Business Interruption Loss nearly always occurs in the days following the discovery of a beach, very long Waiting Periods effectively make this cover redundant.