Cyber Insurance Checklist: What to Look for

August 30, 2022
A woman considering cyber insurance on her tablet.

No one knows what the future may bring, and if an accident or disaster occurs at the wrong time or place, it can cause serious damage and far-reaching financial complications. This is where insurance comes in. We depend on insurance to protect our valuable assets from unexpected dangers. After all, some things are just too important to lose.

And that includes your business's sensitive data.

Why You Need Cyber Insurance

Cyber security insurance protects you and your business in the event of a data breach. And, given that the world saw a staggering surge in cyber attacks over the past year, cyber security insurance has never been more important than it is right now. The financial impact of a business experiencing a cyber event can be devastating.

Cyber insurance places a protective buffer between your organization and the growing risk facing data security. But perhaps even more than that, evolving regulatory mandates are making it the responsibility of modern businesses to take measures to protect their customers' private data. Federal, state, and foreign privacy laws establish expectations on how an organization can collect, store, share, use, and dispose of sensitive customer and user data, and failure to meet these expectations can result in stiff penalties.

Acrisure Cyber Services offers solutions for businesses of all sizes. With market-leading cyber coverage, award-winning cyber claims service, and free risk-management tools, Acrisure has the insurance resources and support you need to feel safe and secure in the face of mounting cyber threats. But insurance is a broad term; how can you be sure that you're focusing on the right issues and investing in the right kind of protection? To help you get started, we've compiled this cyber insurance coverage checklist:

Cyber Insurance Coverage Checklist

  • Assess Your Risk. Nearly every company today has valuable data and sensitive information that hackers would love to get their hands on. That said, there are certain types of organizations that are more actively targeted. Hackers may choose to pursue organizations that are known to handle larger amounts of sensitive data, such as banks, educational institutions, and healthcare providers. At the same time, businesses that rely on outdated technologies, are unable to invest in adequate cyber security, or that have been shown to be vulnerable to attacks in the past may also be at higher risk.

    Take the time to assess the potential risk your company faces, and create estimates of what kind of damages and other consequences you might be facing in the event of a successful data breach.

    Want a clearer idea of what kind of risk your organization may be facing? Take advantage of the Acrisure Free Risk Assessment to see for yourself.

  • Identify Where You Need Coverage. Understanding your risk and what you stand to lose is essential to answering the question "How much cyber insurance do I need?" Next, you'll want to evaluate your IT infrastructure and determine how susceptible it is to attack. Take a close look at your technologies, with particular emphasis on their vulnerability. This should include any and all potential entry points that a threat actor might be able to take advantage of.

    Network security coverage will likely be a necessity, but what about coverage for lost or stolen company mobile devices? And will you need to be covered for losses in 3rd party systems? Different areas may demand different types of coverage, so you will need to be thorough in identifying where the risk is most prominent.

Some essential areas of coverage can include:

  • Network Security
  • Ransomware Extortion
  • Legal Expenses
  • Public Relations
  • Liability Forensic Investigation
  • Fines and Penalties
  • Incident Response

  • Figure Out Your Budget. The main idea behind insurance is that the cost of your coverage should be less than the value of the protection it offers. With a clear idea of what kind of insurance you need and approximately how much a breach could end up costing you, you can now begin to establish budgeting parameters.

    This particular step will be ongoing as you research types of cyber coverage and shop around for policies. But it's important to get started early on figuring out your budget so that you won't have to start over once you find out what your monthly premiums are going to be.

  • Understand the Types of Insurance. Even as the cyber insurance industry continues to evolve to offer more specialized coverage, most types of cyber insurance policies can be categorized into one of two different types: First-party coverage and third-party liability coverage.

    First-Party Coverage: First-party coverage exists to offset the costs associated with mitigating a cyber event. This may include expenses related to detecting and responding to a cyber event, soliciting legal advice following an event, replacing hardware and restoring data, and recuperating losses from business interruption.

    Third-Party Coverage: Third-party liability coverage is designed to protect organizations from the possible legal costs of a cyber event. Cyber liability coverage addresses expenses associated with lawsuits resulting from a breach, as well as costs related to regulatory investigations, fines, and penalties.

  • Find the Best Policy to Fit Your Needs. Once you know what you need, how much you can spend, and what kind of coverage is available, your next step is to take a closer look at individual policies. Work with providers to determine exactly what each policy covers, whether there are any holes in that coverage, and how provisions may be provided. Understanding the conditions, terms, and exclusions of the policies you consider will help guarantee that when a cyber event occurs, your coverage is up to the task of providing relief.

    Finally, it's time to refine your search based on your budget and other preconditions. Make sure to fully evaluate what kind of coverage you need, vs. what coverage you can probably do without. If you work with vendors who might expose your company to risk, only consider those policies that offer broad enough coverage to include third parties.

    Also, consider asking for retroactive coverage for any breaches that may have already occurred but have not yet been identified — otherwise you may end up paying for insurance only to discover that it doesn't apply to an emergent situation that reveals itself after the policy has been signed.

  • Reevaluate and Update as Needed. Cyber threats are dynamic — they grow and change. Your business is likewise always changing. As such, you should periodically reevaluate and update your cyber insurance policy. This will help ensure that your coverage and liability are always a match for the reality of your business.

How Acrisure Can Help

Long gone are the days when a company could simply keep its head down and avoid the risk of a data breach. Today's cyber threats are varied and unrelenting, and target organizations of all sizes and in all industries. To fully protect your business from the financial, legal, and reputational damages that can result from a cyber incident, you need a dedicated and knowledgeable insurance partner.

Acrisure Cyber Services provide innovative coverage that is a match for any risk. Contact Acrisure today for a free risk assessment, and get the protection your business needs to grow with confidence.


The insurance products described are placed by Acrisure, LLC and/or its insurance producer affiliates. The non-insurance cybersecurity and related cyber services described are provided by Acrisure Cyber Services, LLC, an affiliate of Acrisure, LLC.


Share a Story

Have you noticed a trend in financial services? Curious how
we craft our content? Looking for Acrisure to comment in
the media?