Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
At times, vague coverage can actually work for you.
Question: What legal language should I look out for when selecting cyber insurance?
Andrea Luoni, CEO and founder of RateCraft: This is a great question because a higher premium does not always equal better protection when it comes to cybersecurity insurance. That's because money does not guarantee protection – language does. Many coverages can actually be added or increased by adapting the language with little to no change in premium.
Although it may not seem like it in the moment, vague coverage surrounding cybersecurity can be better in some cases, as it can give business insurance attorneys more room to find an opening for coverage in the case of a legal conflict with the carrier.
Conversely, if the language is very specific, be cautious of what it is or is not saying. For example, if the policy lists coverage for being hacked or a ransomware attack, these are good things to be included that could be of great concern to a business. However, that may mean other cybersecurity issues, such as social engineering, are not covered. The business may not even know to look for social engineering coverage or whether the carrier offers the coverage but under a different name.
Read the fine print, or exclusions, too. It could have a clause that voids coverage for "insider compromise" or that unknowingly requires social engineering coverage to have dual authentication implemented. A cyber policy should also have universal triggering definitions between first- and third-party coverages. Many policies can lack this, which can cause problems if claims are covered on one side of a policy and not the other.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024