Blog

What to Expect When Applying for Cyber Insurance

Every insurance policy starts with an application, and cyber liability insurance is no different. However, cyber applications are not standard and can be complex. The objective of this article is to help alleviate some of that complexity and provide guidance for insureds filling out a cyber application.

Kevin Mahoney

10

 MINUTE READ

What to Expect When Applying for Cyber Insurance

Every insurance policy starts with an application, and cyber liability insurance is no different. While the underwriting process in long-established insurance lines is streamlined, this is not the case for cyber liability insurance. Currently, application forms for cyber insurance are not standard and can be complex—often consisting of dozens of pages.

For businesses attempting to acquire cyber insurance, the application process itself can be daunting. However, proper cyber liability insurance remains a vital risk transfer tool for organizations of all sizes. To ensure your organization has the right level of insurance when it needs it most, it is critical to prepare for the application process itself.

What Type of Information is Reviewed?

An underwriter’s job is to assess risk and determine limit sand pricing. Insurers depend on the detail contained in an organization’s application, and any vagueness or incorrect information can create issues if and when you file a claim. In order to properly determine your organization’s cyber risks, insurers will review information related to the following:

·     The basics. Insurers will want to know what industry your organization operates in, as well as how much and what types of information your organization stores, processes and transmits. In addition, underwriters will look to see how you manage data security and who is in charge of overseeing cyber-related matters.

·     Information security. When it comes toon-site security, underwriters want to know if you have a formal program in place to test and audit security controls. In addition, underwriters typically look to see if you have basic controls in place, including firewall technology, anti-virus software and intrusion detection software.

·     Breach history. During the application process, underwriters will take a closer look at your breach history. In general, they want to know if the data you house is particularly vulnerable and how effective your data security techniques are.

·     Data backup. Knowing how your organization handles data backup helps insurers better understand your level of data loss risk. Underwriters will want to know if you back up all of your valuable data on a regular basis, if you utilize a redundant network and if you have a disaster recovery plan in place.

·     Company policies and procedures.Communication is important when it comes to reducing your organization’s cyber risk. That’s why, during the underwriting process, insurers want to know what types of cyber security and incident response policies you have in place. In addition, it’s likely you will be asked how you handle password updates, the use of personal devices and revoking network access to former employees

·     Compliance with legal and industry standards.Failing to comply with cyber-related legislation can be incredibly costly, and insurers will want to know how you handle compliance. Specifically, they will review whether you are compliant with applicable regulatory frameworks, are a member of any outside security or privacy groups, or utilize out-of-date software and hardware. The more detailed and specific an organization can be during an initial underwriter review, the more likely it is that the organization will receive the proper amount of coverage and good terms.

Tips for Applying  

For cyber coverage to be effective, it requires a high level of due diligence on the part of prospective policyholders. To get the most out of your policy, you will want to consider the following best practices when applying for cyber insurance:

1.       Gather accurate data. Before the application process, it’s critical to speak with your information technology(IT) management team and any vendors you utilize in order to collect accurate data. It’s important to quantify the data on your network. Above all, get a solid estimate on how much personally identifiable information you have, including employee data.

2.       Be honest. To complete the application process properly and get the best possible policy, honesty is important. When working with your insurer, be clear about your organizational setup, security protocols and breach history. Not only will this help in securing adequate coverage, but it will also reduce the risk of your policy being voided if carriers find out you were dishonest during the underwriting process.

3.       Don’t wait. Even if your organization hasn’t taken the appropriate steps to reduce its cyber risk, going through the cyber insurance application process can help identify exposures. Your insurer can work with you to get the best coverage possible today, leaving room to negotiate down the line when your data security methods are stronger.

4.       Involve the right people. The application process for cyber insurance can be complicated, and it’s important to have key personnel help you. In order to complete a cyber liability insurance application, an organization may need to work with their risk managers, IT professionals, HR department, financial officers, board of directors, executives, privacy officers, marketing team and legal professionals.

Taking all the above into account will not only prepare you for the cyber insurance underwriting process, but it can also improve data security up front.