It shouldn’t be an either/or. In fact, to get cyber insurance, a demonstration of solid cybersecurity practice is required. But no security is 100%, and every business deserves the opportunity to invest in a backstop or security blanket to get back on its feet and return to the position it was in before it suffered a cyber attack or breach.
It sounds simple, but it comes down to risk. Identify your crown jewels and what needs protecting, calculate the cost of downtime if your business is attacked and debilitated, and determine what support you need. It’s likely that if you operate any part of your organisation digitally or if you store sensitive data, cyber insurance could be fundamental to protecting your business.
We exclusively broke cyber insurance and thus are not distracted by other commercial insurance lines. We channel all our effort and passion into cyber, sitting confidently at the heart of the cyber industry. Because we ‘get it’, we live in the small print of a policy so our clients don’t have to. The value we offer far exceeds just the policy. Check out ‘how we work’ to learn more.
Insurance is available to cover a business for the loss it might incur from a ransomware event. However, like many lines of insurance, an organisation must meet specific security controls before this is offered. Most importantly, cyber insurance gives you access to a panel of incident responders who help deal with the crisis surrounding a ransomware event, giving you both protection and, most notably, options.
Working with two brokers is easy when the process is smooth. If you had to claim under a cyber policy and a Directors & Officers policy, you would still have to provide two separate sets of information to two different insurers, even if you were using one broker. From a time and effort perspective, there is no difference. From a value perspective, there’s a huge difference.
The answer is no. Cyber is priced as its own risk and will represent the size and activity of your business, regardless of whether it is insured ‘all together’ with other coverages. You cannot rely on another form of insurance (such as professional liability) to cover you for cyber incidents unless it affirmatively states that it is covered within your policy wording. By keeping all insurance lines together, you lose out on the expertise, guidance and invaluable advice you can get from a specialist cyber broker.
We stand behind the fact that the cyber insurance market is well developed and continues to pay claims to support businesses. Sadly, there are cases (that often make headlines) where insurers refuse. The most common reason for refusal is inaccuracies in a customer’s risk information. There is a lot of information to capture when applying for cyber insurance, and without a specialist cyber broker, there is room for misinterpretation, omission and inaccuracy. It pays to have a specialist cyber broker who will take the time to absorb and relay accurate information between an underwriter and a client to prevent instances where the policy does not pay out.
It’s difficult, but possible, to measure cyber risk. Considerations include your security posture, how much of the risk you are willing to take on yourself (i.e., what your excess is), what your in-house capabilities are and what commercially makes sense for you as a business. Assured will help you determine your risk and the recommended coverage level.
Simply put, a premium is affected by your insurance limit, the excess (the amount you are willing to pay towards a claim), and your company’s security posture. Therefore, adjusting any of these three factors should improve your premium.
Insurers will set a minimum excess for you to adhere to (the amount you pay towards a claim). If you are comfortable taking on more self-insured risk by increasing the excess, we expect the premium to decrease slightly to reflect this.
You need the best people in your corner when the proverbial hits the fan. The key to a successful response is preparation. At Assured, we ensure our clients are prepared for a cyber-incident, pairing clients with the best incident responders to guarantee a fast, thorough and definitive response to a cyber incident. Often, when people think of cyber insurance, they think only of financial remuneration. However, do not underestimate the incident response element of cyber insurance. Check out our ’24 hours in incident response’ article, which details this element more.
From the first conversation with our clients, we give that relationship our all. It’s not a one-time transaction. We work with our clients throughout the policy lifecycle, with touchpoints to analyse security posture, advise on premium reductions and a consistent conveyor belt of content and information tailored to your business’s needs. We equip executives with the cyber knowledge they need to excel in the boardroom.
Assured Intelligence (aka AI, see what we did there?) is a high-end editorially independent content platform designed exclusively for executives. Edited and created by award-winning cybersecurity journalist Eleanor Dallaway, the site showcases interviews, features, podcasts and exclusive events. Assured Intelligence makes a no-acronym, non-techie promise, translating cybersecurity need-to-know into business talk that’s easy to digest and hard to forget.