Cyber Risk Insurance - Navigating The Application Process

More and more companies are considering specialized cyber insurance policies to insure against cyber breaches.

Insurers offering such policies use their applications to understand the company's current cyber security protections and assess the risk of providing cyber insurance. Accordingly, the applications for cyber insurance can be highly technical and lengthy. The applications may inquire about your company's privacy policies, business practices, revenue, the number of sensitive files and the type of software and technology utilized by the company. As a result, navigating the application process can be difficult.

For example, you may find the following questions on a cyber insurance policy application.

  • Do you have a designated Chief Security Officer or a Chief Privacy Officer?
  • Do you regularly test or audit your network security?
  • Do you have a firewall?
  • Do you password protect computers and other electronic devices?
  • Do you require passwords be changed at given intervals?
  • Do you have anti-virus software which you regularly update?
  • Do you allow remote access to your network?
  • Do you have a plan in place if your system becomes inoperable?
  • Do you train your employees on cyber security?
  • Do you have written policies and procedures that are distributed to your employees?
  • What types of information does your company keep (credit card numbers, social security numbers, medical information, bank account information, etc.)?
  • Does your company have a website?
  • Does your website allow financial transactions?
  • What is your loss and cyber breach history?

These questions require specific knowledge about the policies and protocols the company employs. If your company's current cyber security protocols are insufficient, the insurer may deny your application or charge higher premiums for the same coverage. Alternatively, if you purchase the policy and later have a cyber breach, triggering a claim under the policy, the insurer may scrutinize your application. Mistakes or misrepresentations on the application may result in a denial of coverage.

Beyond simple questions and responses on the applications, some insurers require warranty statements in which the company seeking insurance warrants or swears under oath that it has certain security measures in place. Be wary of signing such statements. If the company fails to ensure continued compliance (even inadvertently), the insurer may attempt to rescind or void the policy.

For these reasons, it is critical you and your insurance broker work together, along with your company's security and information technology department, to fully and accurately complete the application for cyber insurance. In addition, it may be helpful to assess your company's cyber security strengths and weaknesses and implement a cyber security program prior to applying for cyber insurance to ensure insurability and obtain a good rate. A cyber security attorney can assist you with these risk assessments.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sherman & Howard L.L.C. | Attorney Advertising

Written by:


Sherman & Howard L.L.C. on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.