Simplified Cyber Security

Buying Cyber Insurance – Getting it right

Recent cyber security reports are alarming, especially when you focus on the financial impact of cyber attacks on an economy. The Africa Cyber Security report, released earlier on in the month, estimated the cost of cyber attacks on the continent to be $3.4 billion! The financial cost of cyber crime is getting heavier and, worse, it could even take down a business. Organizations are appreciating the need to transfer that risk through cyber insurance. A cyber attack has both direct and indirect costs, which are covered under cyber insurance.

Where do you start when you want to buy a cyber insurance cover? 

How do you get the right coverage at a competitive rate?

Buying cyber insurance can get as complicated as buying a suit. It’s rare (never happened to me) to pick a suit off the rack that fits you perfectly. Apart from fit, there are color, fabric, pattern and style to be considered.

Buying cyber insurance is no different; you want to get coverage that is right for your business at the best price. The cover should protect your business from financial loss but also improve your cyber security posture. To complicate it further, the buying decision isn’t a one-man show: there is an entire team to be involved. A cyber attack isn’t just a technology issue anymore, as it impacts the organization’s operations, customers and reputation. The CIO, CISO, CFO, Legal, Risk teams and other senior managers need to be on board for the enterprise risk to be addressed and for the organization to get the best deal from the market.

Some questions to consider as you shop for a cyber insurance cover:

  1. What’s the company’s risk appetite? Put in simple language, “What are we afraid of?” If a data breach were to hit us, what would worry us most?
  2. Where do our exposures lie? A risk assessment will identify the risk exposures, the greatest vulnerabilities and the assets that are most vulnerable.
  3. What will be the cost of a cyber attack to our business? Conducting a Cyber Value at Risk (CyVaR) assessment quantifies your financial exposure and also gives indicators on how that exposure can be reduced. CyVaR can be used to negotiate the premium with an insurer.
  4. What’s the experience of the broker/insurer in covering cyber risk? What policies do they have in place? Stand-alone policies are better and more comprehensive; check whether the policy can be customized to your organizational needs.
  5. Is the insurer providing cyber incident management services? Do they have a technical team, or is the service outsourced? What’s their capacity to identify and remediate a cyber attack? Remember, cyber insurance coverage is a partnership, so get someone you feel confident to walk with.
  6. Is coverage retroactive? It takes on average 200 days to discover a cyber attack. Confirm whether this is covered by the policy. At times it may come at a higher premium, but it is worth selecting.
  7. Does the policy cover third-party providers? If not, what happens if a breach originates from a third party?
  8. Does the policy cover data loss, e.g. a non-malicious action by an employee, such as unintentionally sending customer data to the wrong recipient by email?
  9. Does the policy cover regulatory and government fines? Will a GDPR penalty be covered by the policy?
  10. What are the exclusions on the policy? What’s not covered under the policy? Get to understand this one well.

Consider consulting with an independent cyber insurance consultant before jumping into buying a cover. With their experience, you benefit by getting answers to the above and much more, so you can confidently buy cyber insurance coverage.

2018 © Villbo Group Limited.