7 Common Cyber Insurance Misconceptions

Experts predict a cyberattack occurs every 11 seconds and the cost of these attacks will exceed $6 trillion in damages in 2023. Even with these staggering statistics, less than 35% of organizations carry standalone Cyber coverage. Why? Below are common misconceptions to consider:

We Don't Store Sensitive Data on the Computer and Only Utilize Paper Files

It is important to remember that privacy laws apply to Protected Health Information (PHI), Personally Identifiable Information (PII), and other protected information stored in any format, which includes any paper files. Cyber liability policies are designed to extend to protect information stored in any format.

We Don't Ever Collect Data that Could Be Considered PHI or PII

Even if you don’t store much PHI or PII there are cyber exposures to consider. Any business that relies on a computer system to operate has cyber exposures. 90% of cyberattacks involve social engineering tactics. The most common, and relatively costliest, claims stem from fund transfer fraud and ransomware. These claims result in financial losses to your firm directly and are insurable under a cyber policy.

We Don't Need Coverage Because We Outsource Our Information Technology Functions

Using a third-party for your IT doesn’t eliminate your exposure. According to state and federal privacy laws, the obligation to protect personal records remains with you. Even if a third-party vendor is responsible for a breach confidential information, you are responsible for notifying affected parties and the subsequent regulatory requirements. Furthermore, should your third-party provider experience a system failure, it could affect your business and a business interruption loss could result. 

We Are Listed As Additional Insured on Another Party's Policy

You may have asked another party to list you as an additional insured under their cyber liability policy.  This is dangerous territory as the extension of another party’s coverage to you may not provide comprehensive coverage for you for your own expenses and liabilities, only expenses borne by a third-party. Cyber policies are designed to provide first-party coverage for insureds including extortion and business interruption coverages.

We Have Transferred All Our Cyber Exposure Through Contract Verbiage

Some contracts include provisions for relief for cyber security concerns. However, this verbiage is often narrow; covering only circumstances involving or caused by the other party to the contract. These contracts do not include provisions resulting from your own privacy mistakes or breaches, resulting in a serious gap in coverage. Additionally, in the event of a cyber incident in which both parties to the contract were named, you may have an additional burden of suing for breach of contract in the event they are unable to live up to contract requirements.

We Have Coverage On Our Other Standard Insurance Policies

Cyber coverage under traditional lines of insurance fall short of the comprehensive coverage found in standalone policies. Most often the definition of cyber coverage is concise, and the limit offered is minimal. A separate cyber policy is built to cover the gaps left by your standard lines of coverage and includes access to cyber liability experts and cyber specific claims adjusters to minimize interruptions to your business in the event of a cyberattack. Cyber policies offer broader coverage at higher limits and can be customized for your unique needs.

We Are Just a Small Firm, So We Aren't a Target for Cybercrime

It is estimated that 40% of cyberattacks affect small businesses. Smaller organizations often have inadequate IT infrastructures, which can make them an even more desirable target for hackers. Furthermore, most smaller organizations do not have disaster recovery plans or backups to data to allow operations to continue in the event of a ransomware attack. As such, hackers know small businesses are more inclined to pay ransom demands to recover systems and data as they can afford for their systems to be down. It is important to note that over one-third of firms that paid off a ransomware attack still did not recover their encrypted data.

Safeguarding Your Success

Over 60% of business that experience a cyberattack close their doors within six months as they are unable to financially recover. The time to purchase coverage is now, while comprehensive terms and competitive premiums are available in the market, especially for those firms with proper cybersecurity procedures. It is important to partner with a cyber liability expert to construct a policy suitable for your business operations. Contact Sentinel today to learn more about how we’re dedicated to Safeguarding Your Success.

Share on LinkedIn

About The Author

Cassandra (Cass) leverages her extensive knowledge and experience as Director of Specialty Lines, providing technical support to our clients in addition to program design and implementation of new accounts.

She works closely with our Client Executives and Account Advisors to continually enhance the client experience and will serve as a trusted industry resource in thought leadership.

With close to 20 years of industry experience, Cass has held previous positions as an executive and professional liability broker. She is driven in developing complex risk solutions for a vast variety of risk exposures while demonstrating a “client-first” approach.