Live Stream recap: Cyber Liability Insurance 101



Cyber protection isn't new, but the recent cyber attacks on the Colonial Pipeline and the world's largest meat company have brought cybersecurity concerns back to the headlines.

Norman Lutz (CEO of Iron Ridge Insurance) and Jeffrey Haut (Attorney at Hahn Loeser & Parks LLP) joined Entech on a panel to discuss cybersecurity insurance. Here's what we talked about:

What is happening in the insurance space

The industry has seen an increased interest in cybersecurity insurance, which started when the pandemic hit, but definitely grew with the recent attacks. With that, more experts are entering this space, which makes cyber insurance more accessible now than ever. Insurance companies want to see more information about businesses before making the decision to insure them. Certain sectors where more risks are perceived, such as healthcare, are also seeing higher policy prices.

The legal space trends

The market has really expanded, and the availability of law firms that are taking on these kinds of matters has increased. Lawyers are becoming better versed in the types of risks posed to businesses and in how cybersecurity risks are being integrated into an overall risk management strategy.

Things you need to be aware of regarding policies

Be aware of lower sublimits of cyber insurance, which can sometimes give businesses the wrong idea that their costs will be covered in case of an incident. The reality is that lower coverage will be exhausted very quickly. Businesses need to consider how to adequately protect against their cyber risks by selecting a robust policy more likely to cover them.

The difference between policies

The first party liability policy is what protects you. It also covers business income interruption, extra expenses to replace computers that are destroyed in a ransomware attack, and funds transfer fraud, for example. The third party liability side covers data breach notifications and the liability associated with third party access to information.

A typical robust cybersecurity policy that most carriers have available covers infringement or defamation; PCI and credit card processing fines and assessments; and regulatory fines and penalties.

How to effectively respond to a cyber incident

Have a written cyber response policy. The time to figure out who you're supposed to call first or what to do is not when you have an incident unfolding. Have a strategy. Early reporting is essential in all insurance claims.

Be careful touching your network after a cyber incident. It's important to avoid further damage after you've been attacked. From a legal standpoint, you could potentially spoil or destroy evidence, making it harder for forensic investigators to track how the breach happened. You might need that evidence down the line to protect yourself in a lawsuit or if you decide to sue the provider who breached your information.

Should you pay when you get hit?

That's a decision you're going to have to make when an incident occurs, in consultation with forensic investigators. It comes down to a professional judgment made at the time by cybersecurity professionals, attorneys and the customer as to whether or not they think the criminal is "trustworthy", meaning the criminal knows that if they get paid and don't unlock your system, people will stop paying them.

Also take into consideration how valuable the data is and if you have adequate backups. 

Key takeaways

  • Insurance is not a solution for everything. Good risk mitigation and partnering with a good IT provider is a much better plan than responding with an insurance policy after there's a claim.

  • Pay attention to differences in coverages between the data breach side and the "things breaking" side. Focus on the business interruption. The data breach notification and compliance sides are less common on standard policies. Be aware of what your policy doesn't cover.

  • Get a cyber insurance policy before you are hit with ransomware and have your policies reviewed before you need to make a claim on it. Use an attorney who is an expert on cybersecurity and risk management to help you go through the policy in connection with the broker.

  • Don't publish that you have a cyber insurance policy because it can make your business a target.

  • The number one way to stop the effects of ransomware attacks is to have backups, preferably real time backups. Work with your IT provider to develop an efficient backup strategy.

  • Don't open emails or attachments that you are not 100% sure are meant for you. The signs are there, just take a minute and pay attention to the details, like poor language and email signature. Reach out to the sender to make sure the document is legit.

  • Have a culture of cybersecurity that your employees like to follow. Your IT provider can set up consistent employee training, so they can properly spot phishing emails and avoid losing valuable information.

  • Insurance companies are requiring businesses to fill out cybersecurity questionnaires/applications to validate that cybersecurity postures are in place. Following these steps will provide you with the right coverage and price.

  • Treat cyber insurance like workers comp insurance, property insurance or general liability insurance. Assume it to be a cost of doing business. Do it proactively rather than reactively.

  • If you're not 100% sure that you're protected against cyber threats, don't assume. Work with your IT provider to make sure you have the right tools protecting your data.

  • Avoid insurance fraud by making sure you're filling out your application as accurately as possible. Inaccurate information is the number one reason insurance companies deny claims.

  • Have a written data breach response plan, so you'll know who to call and everybody's role depending on the situation.

  • Data breaches do not have to be an intrusion into the network to be considered data breaches. Be mindful of your data in shared thumb drives, laptops forgotten outside of your office, physical papers being thrown away (like medical records), etc. The most common form of data breach is someone exceeding the scope of their authorized access to information.

  • The Florida Data Breach Notification Law was passed in 2014 to better protect Florida citizens' personal information by ensuring that reasonable measures are in place and that data breaches are reported to affected consumers.

What does the future look like

It's just a matter of time before regulation permeates down to probably all industries to require a better cybersecurity posture. Companies who engage in third party business contracts with network access might see an increase in cyber insurance requirements.

Final thoughts...

Engage in best practices and don't assume you have all the pieces in place. Mitigate and reduce your cyber risks as much as possible by using good IT and contract practices and then look into getting insurance in place before you're required to do it or have a claim.
