Sunday, March 18, 2018
Insurance Sidebar :: Amy Stewart PC’s Law Blog on Insurance Coverage Issues Minimize

Tips for Buying Corporate Cyber Insurance

Thursday, May 19, 2016

After cyber breaches have dominated the headlines for more than a year (e.g., Target, Sony), experts now say there are two types of businesses in today’s world –  those who know they have been hacked, and those who have not yet discovered the breach. As a result, more businesses are researching and obtaining cyber insurance to alleviate the risk of an attack on their computer systems. When shopping for cyber insurance, keep the following in mind:
  1. Policies are not standardized. The terms vary widely – from insurer to insurer and from policy to policy. The bad news = buyer beware. The good news = there’s room for negotiation, especially for large insureds. Compare the policy forms carefully. Look at the policy language specifically, not just the marketing hype.
  2. Beware of exclusions that effectively shift the risk back to the insured – to follow certain protocols, policies, procedures, etc. CNA just sued an insured to avoid coverage because the insured did not do all of the things it said it does in its application.
  3. Look for fines + penalties coverage. It’s widely available in the cyber market. If the policy defines “Loss” to exclude fines and penalties, ask for the coverage.
  4. Negotiate for specific vendors on the front-end. If you want to use a particular breach coach or notification company, ask the insurer for approval when you buy the policy. Otherwise, expect to be limited to the vendors the insurance company has pre-selected to include on an approved panel.
  5. Pay attention to sub-limits (a lower limit applicable to certain covered costs) – notification costs, for example, may be subject to a dollar amount sub-limit, to a number of records, or to a number of notification recipients. For example, a policy with a $10M limit of liability may have a $5M sub-limit for notification expenses, which means the insurer will pay notification expenses only up to $5M.
As corporate America tries to stay ahead of cyber exposures, the insurance industry is scrambling to create sustainable but cost-effective solutions to meet the risk-transfer demand. As the market evolves, businesses need to understand both their risks and the scope of the insurance policies they are considering. We help businesses review, understand, and negotiate policy language to obtain the most coverage for the premium dollars spent. If you need assistance with your cyber policy purchase or renewal, please contact us.

Click here to receive our firm’s e-newsletter, which includes updates on insurance law and other news important to business policyholders.
Return TopTrackbackPrintPermalink

Share this Post

Currently rated 0.0 by 0 people


Have something to say? Join the discussion.
  1. Insurance Sidebar's avatar Insurance Sidebar said on 7/25/2016 3:22 PM: Reply  
    Trackback from Insurance Sidebar

    It’s clear that businesses are aware of the risks posed by cyber breaches, given the growth of the cybersecurity industry and the growing number and variety of insurance products available to help companies recover from cyber attacks.  St ...

Remember my details
Notify me of follow-up comments via e-mail

Firm Web Site Minimize
Please visit our web site at
About Minimize
Amy Stewart Law is a boutique law firm that represents policyholders in insurance coverage litigation and bad faith, with an emphasis in directors & officers liability, cyber insurance, fiduciary liability, professional liability and other specialty liability coverages.

Practice Areas Minimize
  • insurance coverage litigation
  • bad faith litigation
  • policy interpretation & analysis
  • insurance review & planning advice
  • advice | insurance disputes
Amy Stewart PC | Dallas, Texas | Copyright 2018 | All Rights Reserved