Get COVID-19 updates and resources.


Five Things to Ask on the Path to Cyber Insurance

In a world where more than $400 billion of U.S. intellectual property is lost each year to cyber crime, your business cannot afford to be without reliable cyber insurance coverage. But what does “reliable cyber insurance coverage” look like and how can you know the policy you’re signing up for will protect you if you need it?

Here are five questions to ask during any policy review process:

  1. Does the policy require you to use the company’s services to respond to the incident?
    1. Services are vetted and work at pre-negotiated rates
    2. Need to write in your own contractors
    3. Policy will usually limit payment to their rates
  2. Does the policy have an exclusion for contractual liability?
    1. Policies will pay for direct losses
    2. Often does not include contractual obligations (SLAs) or 3rd party risks
  3. Does the policy cover incidents that occur (occurrence policy) during the policy period or that are claimed (claim made policy) during the policy period?
    1. Want to be covered for as long as possible
    2. Incidents may take 150 to 250 days to be discovered
  4. Do you understand the boundaries between your standard general liability, property and casualty policies and what you’re seeking in a cyber policy?
    1. Cyber risk is unique
    2. Physical effects of a cyber attack also need to be covered
  5. How are you going to assess policy coverage?
    1. Check for sub-limits
      1. Make sure you’re adequately covered for all parts of the incident
    2. Are there any time limits?

Looking for more information on what the right cyber insurance policy might be for your company’s unique needs? Engage with a reputable insurance company and their legal team.

Cyber Risk Resources

About the Author

Dr. Joe AdamsDr. Joe Adams is vice president of research and cyber security for Merit Network. He may be reached at 734-527-6966 or For more information on Merit’s cyber security resources, visit online: