Best Practices to Buy Cyber Insurance for Business Security

Cyber attacks are certainly well-documented. Security has become problematic in all sectors – business, nonprofits, government, politics and individuals.

The aggregate financial losses are so staggering that 69 percent of consumers worry about security at major companies, according to a study.

Consumers probably wouldn’t be surprised to learn that most small businesses make them vulnerable to credit card fraud and identity theft.

The cybercrime trend has become so inescapable that cyber-security threats have cost chief executive officers their jobs, and CEOs and boards now fear cyber-security threats.

Hence, there’s a need to buy cyber insurance. You’re not convinced? Here’s an unfortunate case study.

Despite the ever-mounting awareness of data breaches, buying the right protection and being able to buy any insurance against cyber attacks can be daunting.

Many insurance companies are excluding coverage and courts have not been uniform in their rulings regarding insurance policies. Yet cyber insurance is paramount, and you likely need expert cyber-legal advice.

As a starting point, here are five best practices in buying cyber insurance:

1. Understand the big picture of cyber insurance

Unlike typical casualty or life insurance, there isn’t uniformity in cyber insurance. Insurance companies label their policies and their coverages in a myriad of ways.

It’s important to carefully examine coverage terms and the fine print.

There are differences between first-party and third-party coverages. Threats occur in both.

First-party coverage pertains to your business. Third-party coverage refers to your customers, vendors and other stakeholders.

Yet insurance companies often lump the two together along with professional insurance coverage, media and tech coverage, errors and omission policies, and general liability policies.

So you need to fully understand your risks and the available options. This means you must have a competent insurance advisor and legal counsel to prevent gaps in protection.

2. Assess your risks

It’s important you learn the risks you face. Cyber criminals use a wide variety of exploitation methods and have a myriad of motives.

For instance, some might want to damage or shut down your system. Others might want to steal your business data for their financial benefit.

Criminals might go after your customers’ credit card and financial-institution data – for which you’re also legally and morally liable.

There are extortionists who might want to install ransomware – software that shuts down your IT system until you make a ransom payment to them.

“Privacy is not for the passive.”

-Jeffrey Rosen

So your risks emanate from these possible vulnerabilities:

— You depend on e-commerce for revenue.

— You maintain your customers’ financial information.

— You host Web sites or provide tech services for customers.

— You provide services to customers or the public at-large.

— Your company’s information technology depends on another company or network.

— A breach will be a hit on your reputation and decrease your future income.

So conduct stress tests and risk scenarios.

3. Quantify in dollars the risk from a breach

You should inventory or anticipate the costs to your business if your system is breached and otherwise disrupted.

Not only does this involve direct losses from disruption of your technology to your bottom-line, but damage to your reputation and indirect losses involving third parties, too. All such financial losses would be significant.

Moreover, you are required to notify your customers in the event of a breach.

You must also provide them with credit monitoring, ascertain identity theft-protection services, deal with regulators, cope with penalties from investigations, and contend with lawsuits.

4. Understand your coverage options

Once you know your risks, you must learn what you need in cyber insurance so you can make a determination.

But note the available policies vary widely. For example, as mentioned earlier, coverages for first- and third-party losses are often combined into one policy.

5. Choose the coverage that’s right for your business

Again, after you anticipate your vulnerabilities by conducting risk scenarios, study all your available options.

Then, with further due diligence, pick the insurance company and coverages that will best protect your company.

To select your ideal coverages, involve all your key talent – from your finance and marketing to customer service and IT employees. If you determine coverage is not available for certain risks, do your best to eliminate those risks.

From the Coach’s Corner, here are related articles:

Are You Up-to-Date in Managing Cyber Risk? Here’s How — A strange development is taking place. Businesspeople are increasingly concerned about risk management and data loss, but many are implementing the wrong solutions. Here’s what you can do.

Protect Your Financials, Systems and Technology – 15 Tips — Cybercrime has skyrocketed and is projected to get much worse. At risk is the health of your company as well as the welfare of anyone with whom you do business. Here’s how to protect your customers and your reputation.

10 Strategies for Internal Controls of IT and Financial Systems — Obviously, the welfare of your company depends on having an up-to-date information-technology system. IT now impacts every facet of your business. So it follows that you should invest in IT controls to protect and enhance your financial system.

Key Measures to Prevent, Recover from Ransomware — Published reports indicate ransomware cost businesses $350 million in 2015. The FBI considers ransomware attacks one of the three worst cyber threats.

9 Tips to Train Employees to Protect You from Cybercrime — It takes a team approach to protect your organization against the skyrocketing rate of cybercrime. Here are nine training precautions necessary to make sure your employees help you guard against security threats.


Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

Photo courtesy Stuart Miles at

Seattle business consultant Terry Corbell provides high-performance management services and strategies.