With increasing frequency, insurtech startups selling cyber liability insurance online are emerging. With founding teams often possessing deep knowledge and experience in enterprise data security and investors interested in funding companies combating the increased cyber threats all modern businesses face, cyber liability insurance is, understandably, at the core of this new wave of startups. While we believe that cyber insurance plays a critical role in all effective cybersecurity strategies, we have serious concerns about the dangers and risks that come along with the insurtech startups that are only selling cyber insurance. Many of our concerns stem from our belief that while these new companies might have deep security experience, they lack the deep commercial insurance experience required to understand exactly how cyber insurance works. So, here are three important considerations we believe business owners need to understand before purchasing cyber liability or data breach insurance from a company or website that only sells cyber insurance.
An Effective Cyber Insurance Strategy is Not a Single Policy
Internet Security Threat Report
Standalone cyber liability insurance does not address all of the cyber exposures today’s companies face. As a general rule, these policies primarily only cover third-party damages or the damage caused to people or companies who are not the policyholder. This means that the policy will cover things like the costs to defend and settle a lawsuit brought against a company as a result of that company’s systems getting hacked and customer information stolen. However, first-party damages, or damages directly to the policyholder, are often not covered automatically and instead need to be added. This means that things like lost revenue, reputational damage, and regulatory fines are not covered potentially leaving the policyholder exposed for tens, if of not hundreds, of thousands of dollars in uncovered costs.
This where a deep understanding of insurance and not just cybersecurity is important. To provide comprehensive protection against all the expenses associated with a cyber breach, cyber liability insurance needs to be bundled with other types of coverages like crime policies and property policies. Therefore, if you’re considering purchasing from a company that “specializes” in selling cyber insurance, ensure you’re not getting a cyber program that includes all the necessary insurance policies and not just a policy that only protects you against third-party damages.
bookmark_border Free Resource
Companies Selling Only Cyber Liability Insurance are More Exposed
Inherently, insurance brokers and agents face a certain amount of exposure. For example, if a policy they sell their client doesn’t respond to a claim, it wouldn’t be unreasonable for the client to blame the broker who sold them the policy and try to recover from the broker as a result. For companies that are only selling standalone cyber liability insurance, there is a particularly high likelihood of a potential claim being denied because of the limited third-party damage scenarios these types of policies are often designed for. Therefore, by failing to advise clients that comprehensive cyber insurance includes policies like the crime and property ones mentioned above, standalone cyber liability brokers are exposing themselves to an increased risk of litigation from customers experiencing uncovered claims. If you experience an uncovered cyber claim and you purchased the coverage through this solution provide, you would most likely bring legal action against the company because their service failed.
Completing Risk Assessments Won’t Save You Money
A common practice among many of the new cyber insurance startups is to offer risk assessments or cybersecurity plans along with the insurance policy they sell. But this doesn’t directly decrease the price of the insurance itself. In fact, the ability for a company to save money on a cyber liability policy is very low. There is a common misconception that if you are completing a comprehensive risk assessment and putting a detailed cybersecurity plan in place, the insurance carriers won’t charge as much for the insurance. In reality, underwriters already expect and assume that these measures are in place so you certainly won’t be rewarded for implementing them.
At the end of the day, one size never fits all with business insurance and this is especially true for cyber insurance. It’s important that business owners are careful when selecting a vendor for this important but specialized line of protection and that they make sure the coverage they buy will respond to as many of the threats their company faces as possible. At Layr, we take pride in ensuring our customers are provided with well-rounded protection through insurance and even our flat rate cyber liability policy includes protection for both third-party damages as well as many of the most common first-party damages. If you’re interested in learning more about cyber liability and data breach insurance including what it does and doesn’t cover, download our free cyber liability insurance e-book that we authored to help companies make better and more informed cyber insurance purchases. Finally, if you purchased a standalone cyber policy and would like to make sure your company is adequately covered, contact us and we’d be happy to perform a free review.