What Does Cyber Insurance Not Cover?

Cyber Security

 With cyberattacks threatening businesses at an alarming rate, many leaders are exploring their options for cyber insurance. Cyber threats in the digital age are becoming more complex and sinister than simple phishing emails. Some of these threats may include:
  • Ransomware, or malware designed to shut down networks or steal data for ransom
  • AI vishing, or phone call scams using realistic voices to steal money from unsuspecting victims
  • Pharming, or fraudulent websites made to spoof existing businesses, often injected with malware
  • Whaling, or spear-phishing, which are hyper-targeted attacks using personal information collected from social media and other online sources. 

Cyber insurance policies are designed to alleviate some of the financial hardships and offer some guidance in the face of these attacks. You may wonder what’s included in these policies, and more importantly, what you could still be on the hook for in case of attack.

What Kinds of Businesses Need Cyber Insurance?

Although some industries are especially vulnerable to cyber attacks due to the sensitive nature of their records, it’s wise for all businesses to invest in cyber policies. No business is safe from attackers, and everyone has something to lose.

That said, some businesses that have been the most targeted in recent years include healthcare, legal, and financial businesses like banks or accounting firms.

This is partly due to strict laws concerning the protection of sensitive health, legal or financial data such as Gramm-Leach-Bliley Act and HIPAA. It’s also partly due to the potential reputational and legal issues resulting from sensitive data breaches.

What Does Cyber Liability Insurance Cover?

Before you dig into the liabilities you’ll still be on the hook for, it’s important to understand how cyber policies are typically structured. Keep in mind, coverage will look different depending on your industry, size, and scope of needs.

First Party Expense Coverage

“First Party Expense Coverage” refers to expenses that might be directly incurred by the policyholder. These expenses would likely include

  • Privacy Breach Notification – assistance with notifying customers and vendors of the attack
  • Computer and Legal Experts – coverage and assistance getting services to remediate the attack and find legal resolutions                         
  • Cyber Extortion – help with ransomware and other cyber extortion payments                      
  • Data Restoration – Assistance with recovering lost or stolen data                
  • Public Relations - help with public outreach and minimizing reputational damage

Business interruption coverage and dependent business interruption coverage would also fall under a first party coverage.           

Third Party Coverage

“Third Party Coverage” refers to the costs and issues that are incurred by vendors, partners, and customers, as well as help with fines and other external ramifications. These policies could include:

  • Privacy & Security           
  • Payment Card Costs       
  • Media                                  
  • Regulatory Proceedings

What Are the Limitations of Cyber Insurance?

The best cyber insurance companies only want to insure companies less likely to suffer from ransomware attacks and data breaches.

Although cyber insurance market is a growing industry, claim approval and minimum requirements to qualify for a policy are becoming increasingly strict over time. These requirements change and expand all the time, so you must stay on top of them.

To apply for a policy, you will need to fill out a cyber insurance questionnaire to show how you meet the requirements for cyber insurance. Some minimum requirements will include MFA, data backups, and cybersecurity training.

Multifactor Authentication (MFA)

A policy should be in place for MFA, which is designed to verify network users and block any unauthorized individuals. Factors used in this verification should include two or more of the following:

  • Something you have (i.e. a personal device)
  • Something you are (such as a fingerprint or other biometric factor)
  • Something you know (such as security questions that only you know the answer to)

To learn about other details to consider for a cyber insurance checklist, read our blog: Top 5 Things Required For Cybersecurity Insurance Coverage.

Data Backups to Bounce Back from Catastrophe

If data is stolen, you must have protections in place to allow you to retrieve it. This is so it can’t be permanently deleted if a hacker takes over your network.

Backups should be housed separately from your network, which can also help in the event of natural disasters or fires. You can backup data on the cloud or through physical backups.

Cybersecurity Training for Leadership and Employees

It’s a myth that phishing and other scams can only affect those who aren’t tech-savvy. Even highly trained individuals can fall for these increasingly convincing scams, so training is crucial to prepare everyone for these threats.

Your MSP should be able to set you up with these automated training courses. These courses should be quick to get through so employees aren’t dissuaded from taking them.

These should occur regularly and cover common cyber threats such as phishing, smishing, vishing, email security, and other elements of online safety. To read more about how to train employees on cybersecurity, read our blog: Top 6 Email Security Tips for Employees.

How Might a Cyber Insurance Claim Be Denied?

If you claim to meet these requirements, you must be able to back up your claims with evidence. If you don’t have the tools and practices in place and you suffer a cyberattack, your claim could be denied.

Experts warn that you must “verify, then trust” any tools, service providers, and safeguards with your cybersecurity. Here are some actionable steps to get to know if your organization is truly doing everything in its power to mitigate cyber threats:

  • Find out the details about your organization's multifactor authentication policy
  • Ensure you conduct regular cyber awareness training courses
  • Verify that you have adequate data backups and encryption

If an insurance company determines that you didn’t have adequate measures in place to mitigate the risk of attacks, they will likely deny your claim in the event of an attack. 

Is It Worth It to Get Cyber Insurance?

Given the risk of cyber insurance companies rejecting your claim, you may wonder if it’s worth it to invest in a policy. When weighing your options, it’s important to remember the long-term ramifications of cyberattacks and how expert help can make a real difference.

Mitigate the Long-Term Costs of Attacks

Cyberattacks can have large financial consequences, often costing businesses millions of dollars in remediation efforts. On top of this, reputational damage can hurt business for years to come.

Cyber insurance companies have the resources to assist you in the wake of an attack. They will often have a list of experts to call upon for assistance in investigations, legal proceedings, public relations, and more. 

Avoid Possible Closure Due to Damages

You can’t 100% guarantee that you’ll never fall victim to an attack, but how you handle them can determine the failure or the survival of your business. It’s not unheard of for businesses to go bankrupt from the wrath of attackers.

Cyber criminals are willing and able to destroy your reputation and take you for all you’re worth, by taking measures such as:

  • Releasing stolen data to your competitors
  • Leaking sensitive health, legal, or financial records of your clients publicly
  • Deleting crucial data

It’s common for hackers to create panic and urgency by giving you a tight deadline before they start wreaking havoc or increasing ransom amounts. If you ignore these demands, the resulting damage might not be something your business can recover from.

Find an MSP to Help You Sort Out the Basics

When you’re looking for cyber insurance, you’ll come across strict requirements that will only expand as time goes on. For this reason, you’ll need a managed service provider (MSP) with the tools and industry expertise to help you qualify for a policy.

If you’re ready to secure and optimize your network to qualify for cyber insurance, click the button below to speak to an expert about your business. 

 Discover Your Solution

About Jada Sterling, Digital Content Manager

Jada Sterling is Usherwood's Content Manager. She is responsible for developing content that furthers the mission of Usherwood Office Technology by helping clients and prospective clients better understand how technology can help grow their business.