“Not every company has the same risk.”
Judy Selby founded Clearview Privacy Consulting LLC and Judy Selby Consulting LLC, bringing her 25 years of insurance coverage litigation experience to her insurance consulting services. Judy is an expert in cyber insurance and coverage under various policy forms for today’s emerging risks. She provides coverage evaluation, policy negotiation, gap analysis, and policy drafting services to companies across multiple industries. Bringing greater clarity and certainty to their insurance programs.
What does cyber insurance typically cover?
Judy: “At its core at the most fundamental level, cyber insurance covers a disclosure or a breach of confidential information that your company is holding. Probably the best component of the cyber coverage especially for small and mid-sized companies is what we call the first-party benefits of cyber insurance. The cyber insurance companies have what I call a cyber swat team. They have panels of professionals that really come to your rescue and help you deal with this breach situation. The breach situation is bad in and of itself, but if it’s not handled correctly it can go from being just a bad thing to a disaster.
Judy: “The coverage also provides what we call third-party coverage or liability coverage. If you have claims or lawsuits by customers or other people whose personal information has been disclosed. If you’re investigated by regulators in connection with a cyber incident. Those are the real basic components of cyber insurance.”
How to look at your existing general liability policies.
Judy: “Well, I would be very, very careful and I certainly wouldn’t make any assumptions about them responding in a complete and effective way to a cyber incident. General liability policies for a number of years now, have exclusions for cyber. My advice to companies is to really take a hard look at a standalone cyber insurance policy. I often see cyber coverage endorsed to more traditional policy forms. But you have to be really careful about that because again, the coverage is probably not nearly as complete as what you got on your cyber form.”
How to get cyber insurance policies for your business.
Judy: “There are some companies you can just go online and get your policy. most people will work with their broker and say, ‘I want cyber coverage.’ And I encourage people to do that and to consider lots of options.”
Judy: “Before you even take those types of steps, the first thing you need to do is understand what your risks are. You really need to do some risk assessment and figure out well, where are exposures for cyber and privacy type of risk. Not every company has the same risk. Not every company has to buy the most expensive or expansive cyber insurance policy because you may not have all the risks that that policy provides coverage for. But do risk analysis and figure out what your risk profile is. And then take a look at your current programs.”
Judy: “The next step is filling out the application. The application for cyber insurance really varies from policy to the policy, carrier to carrier. I always urge people to be super, super careful filling out the application. Be 100% accurate. You probably still will get covered even if you don’t have perfect answers to every question. If there’s any questions you’re not 100% clear on, you don’t want any ambiguity in the insurance application.”
Judy: “The next step then is now you’ve identified all the risks, you know your coverage gaps… work with your broker, work with somebody like me as well, if you’d like and make sure you get coverage to match up with the risk that you actually have.”