The Expert Podcast

So why does it seem so complicated to get a cyber liability policy? Well, one of the things that a lot of people don't realize is that, up until recently, cyber liability insurance as a line of coverage did not exist. There was no standard cyber insurance policy, and there still isn't in many cases. Each carrier covers different types of costs, different incidents, and they have different terms and conditions on their policies, with different exclusions. That makes it hard for you as a customer, and even for a broker, to really understand what's covered in a contract without really reading it and having it match what the client wants. It's not like you buy car insurance, where they're all standard. It's not like a commodity.

The biggest problem was a lack of education and understanding when it comes to the risk. You need to know what the risks in your company are and what's going to be covered or what you want to have covered. You may not be able to cover everything, but you want to cover the ones that are important to you and could be deal breakers for your company.

In many cases, it's because there's a false sense of security where companies don't realize what their risks are. A lot of companies think, "I'm not going to be a target for hackers. Nobody wants to hack me. I'm just a small mom-and-pop company. I'm maybe a mid-sized manufacturer. Why would they want to target me?" A lot of times, companies don't have the time to study what the threats are and realize how big they are. Hackers play a numbers game, right? They don't just say, "We're going after the biggest companies," because sometimes the biggest companies are the worst ones to try to hack. They have a lot of budget going into prevention. A lot of times, the better bang for the buck is to try to target mid or small-size companies, those making one million to five million in revenue, because they may not have a big budget for cyber protection, and they might be really quick to write a check for 30 or 40 grand just to get you out of their hair.

Companies nowadays are all tech companies. A lot of manufacturing firms or construction companies think, "Look, I'm not a tech company. Why do I need cyber insurance?" Well, you have a computer, don't you? You have a website, you have a management system online, and maybe you have accounts receivable and accounts payable. Maybe you use QuickBooks. All of those are technical platforms, and a cyber attacker infiltrating those platforms can do a lot of damage. They can hold you hostage, and they can get your customer data. In addition to the losses you would incur from the damage, many times you have to pay penalties and fines because your customers' data was breached.

So make sure that you understand what your risk might be for cyber insurance. Whether you buy a policy or not, make sure that you put some protection against the loss in the first place. Even if you have insurance, you're going to have to put protections in place. Otherwise, your insurer probably won't even pick up your policy.