Cybersecurity insurance covers liabilities your company faces if you’re the victim of a cybercrime. 
While important, not all cybersecurity insurance policies are the same. Find the right coverage for your needs and vulnerabilities when you compare several cybersecurity insurance features.
Coverage
Your cybersecurity insurance policy can include coverage for a variety of pre-loss and post-breach events.
- Fraud
- Data breaches
- Extortion
- Forensics
- Customer notification
- Business interruption
- Public relations
- Regulatory fines
With your insurance agent, decide which of these coverage types are necessary for your business. Consider the most expensive consequence of cybercrime for your business, and at least get coverage for that area. For example, your most expensive costs may come from notifying the public, investigating the incident or covering business interruption costs. After you determine which types of coverage you need, review different policies to ensure they meet your needs. For coverage focused on breaches, see Data Breach (Cyber Liability Insurance).
Policy Language
Different cybersecurity insurance carriers use different names for policy features. For example, companies can use “data breach fund”, “event management” or another name when describing the money allocated to handle a privacy event.
Carefully read the policy and ask your insurance agent to verify any language you don’t understand. Then ensure you compare the same items as you shop around for coverage. If you want a concise primer, see What is Cyber Liability?.
Exclusions
Be aware of policy exclusions that limit your coverage. Exclusions can include:
- Acts of terrorism
- Events caused by employee negligence
- Failure to maintain security standards
- Third-party providers your company hires to perform business operations or store and manage data
- International locations
- Employees who work from home or travel
Review these and other exclusions to ensure your business remains adequately covered by your policy.
Triggers
A trigger describes the event that launches your insurance coverage. You may wish to pay extra for coverage that’s triggered immediately when the issue happens rather than days or weeks later when you notice it and file a claim, but verify that your policy includes this option.
Customer Service
Ensure you receive the best possible care after you file a claim when you evaluate a company's customer service. Ask for details about the investigation process and how long it takes to pay a claim. Check online ratings, too, for insight from other customers.
Price
Instead of automatically choosing the policy with the lowest bottom line, be sure your policy has everything you need. Also, remember to calculate how much a cybersecurity incident will cost your business as you choose insurance that could ultimately save you thousands of dollars and save your company from financial ruin.
Cybersecurity insurance protects your business. Use these tips and talk to your agent as you compare coverage and purchase the right policy for your needs and vulnerabilities.
Frequently Asked Questions
What does cybersecurity insurance typically cover?
Policies commonly cover fraud, data breaches, extortion, forensics, customer notification, business interruption, public relations and regulatory fines, but coverage varies by policy.
Will cyber insurance pay regulatory fines?
Some policies include regulatory fines, but coverage, limits and exclusions differ, so review the policy language carefully.
What is an exclusion on a cyber policy?
An exclusion is a condition or event the policy will not cover; common exclusions include acts of terrorism, employee negligence, and failures to maintain security standards.
How do triggers affect when coverage starts?
A trigger defines the event that activates coverage; policies vary on whether coverage is immediate or requires notice, so check the specific trigger terms.