6 Red Flags That Tell You When It’s Time to Switch Cyber Insurers


Most businesses do not devote much attention to their general liability insurance policies until they need to make a claim. When that happens, a business might discover that an insurance policy that was procured several years before the claim does not cover the loss. This is particularly true in the rapidly changing field of cyber insurance.

Cyber insurance generally covers claims for direct and third-party losses resulting from a data breach or other unauthorized incursion into a business’s computer network. The cyberinsurance industry is barely twenty years old, but in those twenty years, new forms of cyber threats have emerged and the more innovative cyber insurance companies have altered the ways in which they assess risk and calculate premiums.

Given the changes in the industry, every business should review its cyber insurance coverage at least annually. If that review reveals any of the following six red flags, the business should consider if it has the coverage it needs and, if not, whether it should switch to a new cyber insurance carrier.

  1. Has the insurer simply renewed the cyber insurance coverage with no reassessment of risks?

Cyber insurance policies that were procured more than ten years ago are very likely obsolete. For example, network extortion (an early form of ransomware) first became a common threat around 2004. In response, the more responsive cyber insurance carriers added extortion as a separate coverage in their policies. If your insurer has renewed old coverage with no consideration of new risks, your business might have serious exposure to those risks. You should consider switching carriers if your cyber insurer has made no effort to provide updated coverage.

  1. Does your cyber insurer demonstrate real knowledge of the cybersecurity industry and potential cyber threats?

Currently, roughly 50 different insurance carriers offer some form of cyber insurance. Many of those companies first offered cyber insurance as add-ons or riders to existing general liability policies, but developed only limited expertise in cyber risks or data breach threats. Those limitations gave rise to a separate group of insurance carriers that had unique knowledge of those threats and a better ability to respond to them. If your business’s carrier does not have the expertise to understand and appreciate the extent of those risks, you should find a carrier that has this requisite knowledge.

  1. Does your carrier impose any limits on your cyber coverage?

Limitations in your current cyberinsurance policy can leave your business underinsured if not wholly uninsured against certain losses. Ask your carrier about coverage for intellectual property losses and continuing coverage for losses associated with extended cyberattacks. If you are not satisfied with the responses, seek more thorough coverage that has fewer limitations.

  1. Has your carrier increased its premiums automatically every year?

Corporate general liability insurance is frequently priced as a function of both risk and revenue. Organizations with higher revenue are generally charged higher premiums. Cyber insurance risks, however, typically bear little relationship to revenues. If your insurer raises premiums as a function of your business’s revenues but with no concern over type of electronic information and data that you maintain, you should look for a new carrier.

  1. Does your cyber insurance carrier add value beyond the cyber insurance policy?

Your cyber insurance company should be a partner that works with you both to reduce your exposure to risks and to compensate you for losses when risks come to fruition. A cyber insurer can add value to its policies by simultaneously offering cyber risk management programs that analyze weaknesses in a client’s information systems network and provide solutions to rectify those weaknesses. Your business should find another cyber insurer if your current carrier does not add similar value.

  1. Does your carrier have a reputation for denying claims?

Cyber insurance carriers have denied claims with complex arguments, for example, that hackers and not their insured clients have “published” stolen personal information. Look closely at your cyber insurance policy to determine when and to what extent a carrier will cover your losses. If your policy language has many exceptions and exclusions, look for a better policy with another carrier.

A good cyber insurance policy will grow and evolve with your company. Your burden is to review and analyze the policy at least annually and, if your current policy is inadequate, to switch to a carrier that offers a policy that provides the coverage you need and that helps you to minimize your cybersecurity risks.