What to Watch Out for in a Cyber Insurance Policy
Cyber Insurance policies are complex, even if you have already figured out what it covers and how it works. We have outlined here some of the things to watch out for when you have, or are purchasing, a cyber insurance policy.
1. Disclosure of Information Before & During the Policy Period
Someone applying for insurance must disclose any matter they know to be relevant to the insurer’s decision to accept the risk. Continuous disclosure is also very important: if there is any material change to the company during the policy period, the insured needs to keep the broker/insurer informed of the change.
2. Cancelling a Policy
Cyber Insurance policies are written on a claims made policy form, which means the loss/claim must be reported and indemnity granted during the period of insurance to trigger a claim. If a policy is cancelled and a claim is reported afterwards, the claim will likely be denied – even though you may have had a policy in place at the time the loss actually occurred.
An example of this situation is if your system is breached while you have a policy in place, but you aren’t made aware of any loss/attack until later. If you had a policy in place when the breach occurred, but cancelled it before you were made aware of the loss, the claim would likely be denied. This can be more likely than one would think, as cyber criminals can breach a system (take control, install malware/ransomware, etc.) months before they decide to take any sort of action that notifies you of the attack.
3. Social Engineering Coverage
This is an important coverage, as Social Engineering losses are more frequent than ever, but this section is typically automatically excluded from a policy unless it is specifically added and noted on the schedule for an additional premium.
This coverage is also often misunderstood and lumped under the term “Cyber Crime” – this is incorrect. Cyber Crime is a very broad term that can include sections that are almost always automatically covered, such as Cyber Extortion. Social Engineering has recently been defined more adequately as Funds Transfer Fraud, which is the fraudulent transfer or theft of funds caused by instructions made by a person purporting to be an authorized employee, outsourced provider or customer of yours. This also covers off the definition of “phishing”, which would be included in this section.
This coverage is typically optional for an additional premium and is sub-limited. To see if your policy includes this coverage, it should be detailed on the policy/quotation schedule and further explained in the policy wording.
4. Retroactive Date & Known Claims
The retroactive date determines if a policy will provide cover for past acts that have only been discovered after the fact – in the policy period. If this date is either “unlimited” or states a specific date, there is cover for claims that had occurred in the past and reported during the policy period, as long as they were not previously known by the insured. If this date is “inception”, then cover is only provided for acts occurring after the policy is put in place while it is in force.
Cyber Specific Exclusions
** The above are general examples only; each insurance policy is different and standard exclusions may apply. Please read your PDS and contact your insurance advisor to review your specific policy. **
Have any questions?
Talk to one of our Cyber Experts today!
We are a specialist insurance brokerage with an emphasis on adding value to our clients by helping them make an informed decision. Our approach combines that of an insurance broker and consultant, where we focus on providing expert advice to our clients while customising their insurance program and risk management solutions.
Since starting in 2013, KBI is constantly growing and becoming a leader in the Australian market. Our primary point of difference is that we don’t try to be all things to all people. We work in niche areas, where we can tailor an offering, advice and broker support to meet the specific area’s needs.
By Tyler Speers
Tyler Speers is an Account Manager at KBI with a focus on Cyber insurance.