6 Best Practices to Evaluate Cyber Insurance

July 11, 2022

Why Do I Need Cyber Insurance?

Cyberattacks threaten every business daily, and hackers’ demands are rising. Per the National Security Institute, “the average fee requested for a ransom was $5,000 in 2018, but it increased to around $200,000 in 2020.” Can your business survive paying a ransom demand and the potential impact on your operations and customers? Cyber insurance can help protect you from the fallout of cyberattacks and hacking threats. It can also help minimize business disruption and potentially cover the financial cost of the attack and recovery.

Do I need both Ransomware and Cyber Extortion Coverage?

As with any insurance policy, reading the fine print is essential. Cyber insurance policies may not cover both ransomware and cyber extortion. What’s the difference?

Ransomware – hackers use malicious software to gain access to your company’s computer systems or files and block user access. Cybercriminals hold the data hostage until they receive a ransom payment for the encryption key. The attacker typically demands a cryptocurrency such as bitcoin as payment.

Early ransomware attacks demanded a ransom only to unlock the data or a device. Hackers, however, now often carry out “double extortion” attacks that demand a ransom both to restore the data and to prevent its publication.

Cyber Extortion – in a cyber-extortion attack, the bad actors steal data, then tell the victim company what they stole. They nearly always provide a virtual “proof of life,” such as a picture of a file tree showing what network parts were infiltrated and might share a sample file. Then, they will demand payment to take the data offline, promising to destroy it.

What should I look for in a Policy?

Cyber insurance varies significantly among carriers, and the cost will depend on a combination of the coverage purchased and your current security posture. When comparing policies, use the six best practices below to evaluate them.

  1. Pay close attention to the application. Under many cyber policies, the insured represents and acknowledges to the insurer that the statements and information in the insured’s application are true, accurate, and material to the insurer’s agreement to accept the risk. The insured’s completed application might become part of the contractual terms between the insured and the insurer. Insurance carriers may take the position that, if the application contains a misrepresentation or omission material to the insurer’s acceptance of the risk, the policy is void, even if the misrepresentation or omission was accidental.
  2. Look for a coverage section called “cyber extortion” or “ransomware,” and make sure your organization buys that coverage. That coverage often includes the cost of paying a ransom and sometimes also includes the costs of investigating the cause and origin of the attack, as well as remediating it. Not every policy has this coverage written in explicitly. If the policy is offered “cafeteria-style” – meaning the buyer must pick and choose the coverage to purchase – it is crucial to ensure the organization buys cyber extortion and ransomware coverage.
  3. Look for a coverage section called “business interruption” or “business income and extra expense.” This type of coverage section is often similar to a first-party property insurance policy’s coverage. It provides coverage for lost income and extra expenses from ransomware taking networks offline.
  4. Look for a coverage section called “network security liability.” This type of coverage will often cover the costs of defending and indemnifying third-party liability claims from customers or other third parties due to the failure of network security (often how ransomware and cyber extortion events occur).
  5. Consider the potential impact of any so-called “war” exclusion, particularly in light of recent world events. War exclusions have become the subject of debate regarding cyberattacks and insurance, with some current and significant coverage litigation disputing whether a “war exclusion” applied to NotPetya (a form of malware that looked just like ransomware). Some carriers have left their “war exclusions” alone; others have added significant verbiage to their exclusions. Changes to war exclusions could have a substantial impact on coverage.
  6. Avoid sub-limits and co-insurance. Some insurance policies set a lower coverage limit for cyber extortion and ransomware attacks. For example, a $10 million limit cyber policy may provide only $5 million for cyber extortion. Those seeking insurance should consider whether a proposed sub-limit amount is sufficient to cover a possible ransomware attack. Policies might also include co-insurance, a provision that carriers say requires the insured to match, dollar for dollar, amounts that the insurance carrier pays for ransom or extortion. Certain insurers continue to provide a full limit of liability for ransomware and cyber extortion.

How We Can Help

The best way to reduce your cyber insurance costs is to improve your security posture and ensure your policy will pay if an attack occurs. If you need help, contact us to talk with one of our security experts about reducing and mitigating the impact of an attack and saving money on your cyber insurance.