Skip to main content Skip to main menu Skip to footer

Cybersecurity insurance considerations

Cybersecurity insurance considerations

Decrease Text Size Increase Text Size

Page Article

The increased risks around cybersecurity have sparked many new questions about the role of insurance in helping to manage a firm’s security risks. Many firms are adding a cybersecurity insurance policy to insulate the firm’s finances against a major security breach. Below are some important considerations when evaluating the need for a cybersecurity insurance policy:

  • Cybersecurity coverage is not typically included in most commercial policies. A separate policy or rider is likely required.
  • Begin by putting a basic cybersecurity program in place — an effective program can reduce premiums.
  • Clearly understand the scope of cyber coverage; brokers can help clarify.
  • Firms should consider both first- and third-party coverage, to cover potential losses because of firm weaknesses or weaknesses of third-party vendors.
  • Be responsible: A cyber policy can be an important part of a firm’s cybersecurity program, but it shouldn’t replace cybersecurity policies and controls.

The National Association of Insurance Commissioners (NAIC) outlines some of the types of cybersecurity coverage being offered:

  • Liability for security or privacy breaches
  • Costs associated with breaches, such as customer notification and support
  • Replacement costs for restoring, updating, or replacing business assets stored electronically
  • Costs associated with business interruption
  • Liability associated with copyright infringement or product disparagement as the result of a breach
  • Expenses paid for ransomware or cyber extortion
  • Expenses related to regulatory compliance failures

Related Topics


Page Footer has no content