We’ve written a handful of cyber insurance-centric blogs over the years documenting how the market has evolved, threat landscape changes, and best practices for our clients to consider. Those entries have gone into the weeds on specific aspects of cyber risk, but sometimes it’s good to level set and go back to the basics.

For this blog, we did some research on the most popular searched questions on search engines regarding cyber insurance. Let’s get to answering four of them.

1. What Does a Cyber Insurance Policy Cover?

A robust cyber insurance policy includes elements of Third-Party Liability coverage and First Party Reimbursement coverage. There are a handful of different insuring agreements, but the core of a cyber policy is to cover your organization for costs stemming from cyber events, such as:

• Ransomware (costs to manage and pay ransom)
• Data breaches
• Business interruption/shutdown
• Systems restoration
• Social engineering fraud
• Potential lawsuits

2. Why Do Businesses Need Cyber Insurance?

Cyber risks are the No. 1 overall business concern amongst organizations. Cyberattacks occur more frequently than auto accidents, and on average, they are more costly than property fires.

Businesses need cyber insurance to insure against costly cyberattacks, reimburse for cyber business interruption, and provide valuable resources to handle the breach response responsibilities on behalf of your organization.

3. What Should Your Cyber Insurance Policy Cover?

Make sure your cyber insurance has these things:

• Full limits/no restrictions for cyber extortion (i.e., ransomware)
• Social engineering fraud
• Full limits for Business Interruption and Dependent Business Interruption
• No exclusions for foreign-based attacks or cyber terrorism
• No exclusions for lack of encryption or failure to update

4. What Type of Cyber Insurance Do I Need and How Much?

This should be a discussion with your insurance broker, and we’d be happy to discuss it with you!

There are several different types of cyber insurance, ways to structure, and how to effectively buy. The general rule of thumb is to buy a standalone cyber insurance policy versus relying on a property or general liability “cyber” endorsement. At a minimum, make sure it includes the items noted in the previous question.

In terms of limit, the data you are liable for, business disruption exposure, regulatory environment your business operates in, and your balance sheet exposure are all factors that should be taken into consideration.

Holmes Murphy has the experts and tools to assist in this area to increase your confidence in your cyber insurance and risk management program. We’d be happy to talk with you about all of this.