Luma Al-Shibib and Steven Pundell, attorneys at policyholder law firm Anderson Kill P. C. have posted on the Risk & Insurance website on how to navigate around Cyber insurance policy issues to maximize recovery in case of a loss. Their tips:
- Complete applications with an IT security officer or employee. Insurers ask specific questions about cybersecurity infrastructure and controls. These technical questions should be answered by people who know your system.
- Identify and address cybersecurity vulnerabilities before an attack. Post-attack improvements may be excluded or limited by policy terms.
- Hire pre-approved experts if required. Policies may limit experts to an insurer's list.
- Review other policies for potential coverage including "silent cyber" (not mentioned but not excluded).
- If you are required to mitigate damage from an attack, your costs may not be covered.
- Insurance company experts may not value your claim properly. You may need to retain your own expert(s).
Cyber insurance policies are detailed and not easily understood. No two policies are exactly alike. When buying insurance, be sure to have someone who understands the coverage explain any terms you don't understand.