The answer is YES, there are often “blind spots” in your business insurance policies. Due to the high incidence of ransomware attacks last year, insurance premiums have increased as much as 40%, and policies may include limitations that further protect the insurer.
Mind the Gaps in Your Insurance Policy
Recently, our Strategic Advisor in Evansville, IN gave us a few tips to better understand insurance policies. You should ask the following questions about your business’ Cyber Liability Insurance policy.
Does my insurance coverage have sublimits?
A sublimit is the maximum payout for specific types of incidents. This limits the insurance company’s risk. If your policy says “$500,000 in coverage”, it also has sublimits for certain types of damage or certain items. For example, you may have a sublimit of $250K for business income loss, or $25K for ransomware.
Can my carrier go above $1M?
$1M is an insurance industry standard. Many companies have experienced breaches that surpass this limit.
Does my policy include ransomware coverage?
Will the policy specifically cover ransom paid out? Most cyber liability policies include ransomware, but there isn’t a standard, so coverage varies with each insurer. The limits are often much lower than the policy amount. This goes back to the question about sublimits: the ransomware sublimit can often be as low as $25K.
How will my policy help with the cost of reputational harm?
This one is HUGE. Very few policies cover this in the months following a breach.
What type of breaches fall under war exclusion?
Many policies exclude acts of war or state-sponsored cyber operations. For example, because the NotPetya malware was used by governments to attack other governments, it didn’t fall under the policy.
How will my policy help if my employee wires money to a fraudulent account?
Not every insurance policy covers wire transfer fraud. The money is often seen as voluntarily transferred. When covered, there is usually a limit of $250K. This type of crime has skyrocketed and is the costliest to businesses. Business Email Compromise is most often associated with this type of fraud. This is where multi-factor authentication, employee training and policies go a long way toward preventing these scams.
These are the top things that insurance companies will try to get out of paying for.