Cyber Insurance is typically purchased as a standalone policy covering cyber risks, but some organizations think that they have comprehensive Cyber Insurance when they have really purchased an add-on to another policy. Add-on cyber coverage is rarely comprehensive, and in some cases can mislead an insured into thinking that they have comprehensive cyber coverage.
Because standalone Cyber Insurance policies are specifically designed to respond to cyber-related incidents, these policies are more comprehensive. For example, limits typically start at $1.0 million, and sublimits for the most difficult exposures are often more than adequate for typical SMB (small and medium-sized business) needs. Coverage may include fraudulent funds transfer coverage, a coverage that is hard to get with an add-on product.
Add-on coverages, for example as an endorsement to a standard BOP policy, typically come with low limits, often $50,000 or less, and limited coverage (see here). In one example, a client noted that they had ransomware coverage in their BOP cyber add-on. However, a close read of the coverage revealed that coverage was limited, and only applied if the criminals made a specific type of attack – other ransomware attacks were excluded.
But according to Deloitte (here), SMBs are passing on standalone Cyber Insurance:
Despite the threat of cyber perils and lack of adequate coverage, SMBs are often passing on standalone insurance…. The reasons range from lack of knowledge of what standalone cyber coverage provides to erroneously thinking their current business policies will cover damage from a breach. Forty-three percent of SMBs passed on standalone cyber coverage believing their current business policy covers damage from cyber events, according to the Deloitte report.Deloitte
You may not know which Cyber Insurance policy is comprehensive or what you need. That is where we come in. We will help guide you so you may balance coverage and price.