There was an excellent article in the October 5 Harvard Business Review on evaluating cyber risk. If your business is in the process of quantifying its cyber risks – and every business should be – the article “Can You Put a Dollar Amount on Your Company’s Cyber Risk?” is a must-read.
Highlights from the article are summarized below, but, first, keep in mind two major concepts when purchasing cyber insurance:
1) Be careful what you tell your insurance company you’ll do to prevent data breaches as those promises can come back to bite you if those policies aren’t followed to the letter (and since so many breaches are linked to human error, they almost never are);
2) Because cyber is such a new and evolving area of risk, and there is so little standardization among policies, there is room for negotiation when purchasing a cyber policy.