The Expert Podcast

So what the heck is going on with cyber insurance if you're a business owner or a company you may be seeing this come up more in contracts that are required maybe you're seeing it more in licensing and regulations that you have to get Cyber Insurance anybody think well gee I thought I already had Insurance well some commercial policies general liability professional liability Eno policies may have some endorsement for some type of cyber but there's a lot of things about cyber insurance that are different from regular Insurance it may not cover third parties it may have a small limit of let's say fifty thousand so you want to make sure that if a contract you're doing business with requires cyber insurance that you know the ins and outs of it.

So how big of a deal is it? Well, the cyber insurance market is going to exceed 17 billion just in a few years. Three or four years ago, it was barely a couple billion. It's dramatically increased. What about premiums? Well, the premiums are actually stabilizing, and the prices of policies are starting to come down because the insurers are now starting to get some experience with these cyber events and cyber policies, and more importantly, they're able to step in and prevent these claims from happening in the first place.

The biggest value to a cyber policy is that the insurer more than likely going to put some type of monitoring on your network to see if there's any intrusions because most cyber attacks happen days, weeks, or months after the original intrusion, so make sure if you're looking at cyber policies, you get one that has this kind of active monitoring. If you don't want it, it'll be a little cheaper if you don't, but just make sure that you're selecting appropriately what you want or what you don't want. Look at the policy. Don't go by what you think it has. Look at the policy to make sure that it has the coverage that you want and has that monitoring. That's worth its weight in gold.

A lot of these claims wouldn't even happen if the insured had this policy. We just saw a big case where MGM in Las Vegas was hacked and they had thousands and thousands of hotel rooms they couldn't rent out. They had to shut down their casino because of a cyber attack. What else is going on? Well, companies are now starting to budget for cyber premiums, and this talks about rising cyber premiums. It's more that you're having to budget to add it to your existing policy. Most insurance policies now may have a small cyber endorsement of fifty thousand, but the average cyber attack is closer to a million dollars, so you want to make sure you have those kinds of coverage.

Also, be aware of what's not covered in what situations your cyber coverage would be void. These vary by insurance companies, so make sure you look at your policy to know what's covered if you have a lack of security protocols in place. Look, when your cyber insurer does the underwriting for your policy, they're going to check to make sure you have certain protocols, two-factor authentication passwords, limited access to a server room, and some of them take your word for some of them you have to prove, but just make sure you have those in place.

Internal bad actor. What that means is that if the hacker is one of your employees, there may not be coverage. You might need a separate crime policy for that human error. If you lose a cell phone or a laptop and don't immediately take action, that may not be covered. Also, keep in mind that if you have any kind of cyber intrusion, call your insurance company right away because they may still cover your event if you don't call them right away, but any expenses that happen before you call them once you know might not be covered.

Acts of War usually not covered that's if you know some foreign government does this hacking may not be covered if you do not file com file compliance procedures that's what we talked about they're going to tell you certain things that are best practices maybe once a month you have to do some type of of uh detection maybe on a regular basis you have to do training you want to make sure you do that terrorism normally not covered here you go not reporting to insurance company first you want to make sure you do that reporting so that you have coverage but also you have coverage for all of the things that are expenses that happen before you before you contact them so these are things to look at on your policies you if you do have more questions about cyber even just a consultation check out our website riskcoverage.com you see the link below we'd be glad to be of assistance it's a new world of hacks it's also new opportunity for coverages that may not have been available previously.