While cyber insurance can play a tremendous role in recovering from a data breach or cyber-attack through paying out millions of dollars in claims, the process of finding the right coverage can be a daunting task as premiums for similar coverages often do not align and come with complex language. Not only is it difficult to understand what is covered in a cyber policy, it is even more difficult to explain these policies to a client due to a lack of a common lexicon in the industry. Regardless, security vendors and IT departments strongly recommend purchasing cyber insurance. However, Dave Bradford, co-founder and chief strategy officer at Advisen, explains that, “insurance companies lack underwriters with IT knowledge, a good model for assessing risk, a common vocabulary to discuss policies clearly, and face a looming threat that a single successful attack of just the wrong kind could mean a major financial hit.” Not to mention, the companies that are not buying cyber insurance coincidentally are the ones being hit most – cyber insurance is more often purchased by larger companies while 60 percent of attacks that result in harm are aimed at smaller organizations.
Cyber policies can vary tremendously due to an organization’s size, industry, stored data, etc., but coverage often includes many of the following: forensics, restoration of the network, public relations, attorney fees, notification of victims, incident response, defense costs, liability for damages, industry fines, extortion payments, fines, penalties and business interruption. Furthermore, cyber insurance can help bolster cybersecurity due to set data-protection requirements necessary to receive coverage. Nonetheless, purchasing cyber insurance can be a huge pain (in the a**) for organizations, brokers and underwriters. The lack of the common lexicon makes it difficult for the broker to differentiate policies, the consumer to understand them, and the underwriter to write them – all while the insurance company struggles to quantify the risk in the first place. Surely, we will begin to see in increase in cyber insurance take-up across all industries but first, the insurance industry must simplify the process.