Are There Conditions With Getting Cyber Insurance?

Caeva O'Callaghan | April 6th, 2021

You need to meet certain criteria to obtain certain insurance products. But is that the case with cyber insurance?

There are no conditions to a standard cyber insurance policy beyond those for any general insurance product.

However, your cyber insurance provider will expect more in-depth insights into your business and day to day operations than you may be used to giving out. This is in order to give you the best cover possible, as well as making sure they are aware of all the facts in the event you make a claim.

In this article, we’ll discuss the following questions:

  • What are the terms and conditions of a cyber insurance policy?
  • What details do I have to give for cyber insurance?
  • How would I void my cyber insurance?

As with any insurance product, as long as you conduct yourself in a transparent and honest way and communicate clearly with your provider, there should be no problem.

What are the terms and conditions of a cyber insurance policy?

The terms and conditions of any insurance policy vary from product to product, and indeed policy to policy. They are usually customisable, as you may be able to add or remove different parts of your policy in agreement with your provider.

You can read the terms and conditions of any insurance policy to get an idea of what will be included in the small print: things like timely payment, that you understand what the policy includes, and what will and won’t be covered.

While there are no conditions to getting a cyber insurance policy, there are eligibility criteria, although these will be mostly common sense.

In order to get – or indeed, have use for – cyber insurance, you must:

  • Operate a business or trade
  • Conduct some or all of your business online (storage of data, processing of customer information, etc)
  • Want to receive aid in the event of a cyber attack

As the internet occupies more of our lives, it’s easy to overlook how much of our business happens online. No matter if you just use a third party payment provider such as Stripe, host vital contracts on the cloud, or collect leads from your website’s sign up form, cyber insurance means you’ll have cover if that information is compromised.

What details do I have to give for a cyber insurance policy?

When you apply for a cyber insurance policy, you will be asked questions about your business and how you operate. This usually comes in the form of a questionnaire.

The more data you hold, the more your provider will need to know. They will ask you about your IT system, what third party services (if any) you use, and what data you store and collect.

Not only that, the more you can tell us about your firewalls, security, virus updates, VPNs, password controls the better. Giving your insurance broker this information enables them to search the market for the best cover for you.

You also need to inform them if you’re particularly worried about a particular kind of security threat, or are aware of a potential weak spot in your cyber security. For example, if you hold thousands’ of customers’ and employees’ sensitive data, a data breach would be disastrous to your company. You may mitigate these risks by having it all stored on servers that can only be accessed by VPN and we are very careful about firewalls and keeping anti-virus software up to date. However, you are aware that if these servers were compromised, hackers would be able to get their hands on all your data at once.

Having such detailed information at the outset will help your insurance company set up a policy which not only protects you from cyber crime, but which will help you get back on your feet as quickly as possible if the worst occurs.

How would I void my cyber insurance?

Ideally, you wouldn’t. But it’s best to be aware of the actions and activities which would make your claim unsuccessful in the event of a cyber attack.

Firstly, you would not be able to make a claim if you have shown to be negligent in your cyber security. Most cyber insurance policies are reassessed every 12 months, and the onus is on you to ensure that your organisation’s cyber security software is up to date. If you have found to have misled your insurance provider about the robustness of your cyber security, they will be unlikely to pay out because you’ve invited risk into your business unnecessarily.

Secondly, and fairly obviously, your cyber insurance will not pay out if they suspect malicious activity on your part, or if malicious activity occurs within your company that does not fall within the remit of cyber crime. Cyber crime is a defined activity whereby a third party, sometimes operating on the other side of the globe, accesses data remotely and steals it or uses it for criminal means. If your employee steals your password from your desk file and uses it to embezzle funds, this would be covered under your crime policy, but not your cyber insurance policy.

Cyber insurance providers assign forensic computer investigators to look into the source of the hack. If these security experts find that the data breach was done by you in an attempt to commit insurance fraud, it goes without saying that your claim will fail and you will face legal consequences.

Talk to us today about your cyber insurance needs

If you are confused about cyber insurance, feel free to pick up the phone and talk to our cyber insurance experts. We look forward to helping you protect your business.





All Information in this post is accurate as of the date of publishing.