What do clients need to know about their cyber policy?

What do clients need to know about their cyber policy? | Insurance Business Canada

What do clients need to know about their cyber policy?

Navigating the cyber insurance marketplace is a daunting task, with threats and products constantly changing. As such, it’s vital to know there is a network of professionals that will help clients understand how they can mitigate both financial and reputational harm.

“Having an ecosystem of experts is so crucial to clients as, for many, when they’re attacked, it’s the first time it’s ever happened,” John Farley (pictured), managing director of Gallagher’s cyber liability practice, told Insurance Business.

Read more: Cyber risk landscape looks set to grow in 2022

Cyber insurance can come with a whole host of preventative services, with carriers providing a range of resources to prevent an attack from happening in the first place.

“Carriers provide threat intelligence and assessment services, looking through the same lens as a hacker which helps clients on the front end, but also on the back end in the event of an attack,” said Farley.

Many services are free or discounted to help mitigate potential risks, and with access to a breadth of experts, clients can be guided on what to do following a breach in a comprehensive manner. This helps from a bottom-line cost perspective, as well as a reputational harm perspective.

“It comes down to connecting clients with a panel of experts that come with the policy that are pre-approved by the insurance company,” Farley explained. “The broker’s job is to reel them in, calm them down and get them to focus on compliance and cyber insurance requirements.”

Spreading awareness of access to breach coaches, forensic firms, legal aid, public relation experts and data asset restoration experts will ease the mind of clients as they can see the value their coverage brings to the table. When clients are familiar with the level of support they are receiving from a policy, brokers are able to retain more business.

“One of the first vendors you engage with is an IT forensics firm, where they track the digital footprint of a hacker to determine when they got in, how they did it, and what information was compromised,” Farley explained. “From there it is easier to determine what has to be done in terms of legal obligations.”

Following legal advice, additional data restoration experts can be brought in, then public relations coaches and so on.

“Brokers need to be aware of robust vendor management programs too and ask if vendors have the proper insurance to reimburse you for costs that may be incurred,” Farley added.

In addition, Farley noted that brokers should be focusing on changes in exclusionary language, and coverage limits.

“There’s no such thing as a standard cyber insurance policy and every good broker knows that, and is aware of changes as they happen,” he said.