The cyber insurance question: Additional protection beyond prevention

April 17, 2019

Even with good cyber hygiene and robust cyber security controls, your company may still need protection. Learn about the latest cyber insurance ideas.


You do everything you can to have good cyber hygiene. You prioritize key services, establish an incident response plan, implement controls to protect data, perform periodic monitoring, and manage risks from outside suppliers.

But, despite all your best efforts, there is still a chance that a security breach will happen to your organization. A Ponemon Institute study estimates as high as a 1 in 4 chance of a cyberattack – more than double the chance of catching the flu during winter.

Practicing good cyber hygiene, encrypting data, educating employees on social engineering, and eliminating new routes for hackers to exploit help lessen the threat. But what happens if a security breach still happens?

Regardless of whether your company provides cyber-related services or, more simply, you use data and technology to run your business, the question of cyber insurance becomes critical as part of breach response. This article will consider best practices for cyber insurance in two scenarios:

  • If your organization does not have cyber-related coverage
  • If your organization does have coverage, but it has not been reviewed for over a year

With the increasing frequency of high impact and publicly disclosed cyberattacks and data breaches in the world, more executives are asking themselves if they are at risk and what can be done to protect their organization against loss.


What to assess if you don’t have cyber insurance

If you haven’t explored a cyber-related insurance policy before, you’ll need to ask yourself a few questions:

How much cyber risk does your organization have?  Even if you aren’t in a technology-focused industry, you may still have risk related to information technology or cyber assets. If you’re using internet connected technology to run your operations, or marketing any solution that has an online component, you have some element of risk. If cyber risk isn’t already considered in your enterprise’s risk assessments, you may want to consider engaging outside advisors to incorporate it into your program.

What does your company have in common with other high-profile data breach targets?  Think of the major data breaches in recent years. Retail, hospitality, finance, healthcare, e-commerce and transportation have all been and continue to be targeted by cybercriminals. What are the common threads connecting these industries? Does compromised data in any of those cases bear similarities to your business? Would your cyber security program protect against the methods that were used in these cases?

Are there policies that would align with my level of risk?  Not all cyber insurance policies are alike. While many cover damages sustained by identity theft and reimburse for legal fees, others have exclusions that reject coverage for third parties or professional services. Research available policies to determine the right fit based on your level and type of risk. Include all relevant stakeholders – including those outside of your organization where necessary.

Determining your organization’s cyber risk profile and analyzing the best coverage to mitigate risk and loss takes a very specialized skill set and up-to-date knowledge of the insurance products available. This makes finding the right experts essential. Don’t assume the resources who advise your organization on other insurance products will be the right resources for your cyber risk profile.

Source: The Balance SMBCSO Online

What to assess if you already have cyber insurance

If your company does have coverage, it is a good idea to review the policy terms and coverage before you renew the policy. Here are some questions to ask as you review:

Does my policy evolve with new threats?  Cyber threats, and insurance, is evolving every year. Privacy concerns and regulatory risk are becoming more and more prominent, especially if you collect sensitive data or personal information. If you’re in manufacturing, you’re likely dealing with overall business interruption risk – and any losses that might occur from those stoppages.

Can I save money or increase my coverage?  The cybersecurity landscape changes quickly, and the amounts and types of coverage you need might also change based on your changing business strategy, risk appetite, or risks in your industry.

While having some cyber security coverage is common, the cyber insurance industry has developed rapidly. Many unique coverages now exist that allow businesses of varying size and complexity best match existing organizational risks. Purchasing a tailored cyber policy after careful analysis of your organization’s risks may provide vital protection for your organization going forward.



The content in this article is not intended to serve as advice or guidance on specific insurance policies. U.S. Bank, U.S. Bancorp Investments and their representatives do not provide insurance advice. Your insurance situation is unique. You should consult your insurance advisor for advice and information concerning your situation.

Related content

Cybercrisis management: Are you ready to respond?

Dear Money Mentor: What is cryptocurrency?

Drive digital transformation with payments innovation

Tailor Ridge eBill case study

Buying or leasing? Questions to ask before signing a contract

Want AP automation to pay both businesses and consumers?

Automate accounts payable to optimize revenue and payments

Colleges respond to student needs by offering digital payments

Cryptocurrency custody 6 frequently asked questions

What corporate treasurers need to know about Virtual Account Management

3 emerging technology trends for bankers

How to spot an online scam

Zelle® helps Sunriver Resort make payments efficient and secure

Why ecommerce for small business strategy is integral

How blockchain technology is changing treasury

Blockchain: Separating hype from substance

Enhancing the patient experience through people-centered payments

4 ways to make practical use of real-time payments

What government officials should know about real-time payments

Digital Onboarding helps finance firm’s clients build communities

Insource or outsource? 10 considerations

Unexpected cost savings may be hiding in your payment strategy

P2P payments make it easier to split the tab

4 ways to outsmart your smart device

Banking connectivity: Helping businesses deliver the easier, faster, more secure customer experience of the future

Integrated receivables management solution supports customer focus at MSC Industrial Supply

ABCs of APIs: Drive treasury efficiency with real-time connectivity

Hospitals face cybersecurity risks in surprising new ways

How emerging banking solutions enable better decisions

Empowering managers with data automation and integration

Common pitfalls to avoid in the equipment financing process

The secret to successful service provider integration

5 steps you should take after a major data breach

Cybersecurity – Protecting client data through industry best practices

Why KYC — for organizations

The cyber insurance question: Additional protection beyond prevention

Post-pandemic fraud prevention lessons for local governments

How running a business that aligns with core values is paying off

Meet the Milwaukee businessman behind Funky Fresh Spring Rolls

How electronic billing platforms improve government payments

How to redefine challenges with business collaboration

3 ways to gain loyalty with your customers

Finance or operating lease? Deciphering the legalese of equipment finance

Fight the battle against payments fraud

The latest on cybersecurity: Vulnerability testing and third-party software

The password: Enhancing security and usability

Time is money: Intelligent Payment Routing saves businesses both

3 timeless tips to reduce corporate payments fraud

Digital trends poised to reshape hotel payments

Digital banking for business: How connectivity improves customer experience

How AI in treasury management is transforming finance

Automate escheatment for accounts payable to save time and money

Collect utility and telecom bill payments faster

Treasury management innovations earn Model Bank awards

The AI journey in finance: How to make it part of your strategy

5 Ways to protect your government agency from payment fraud

Proactive ways to fight vendor fraud

The latest on cybersecurity: Mobile fraud and privacy concerns

The future of financial leadership: More strategy, fewer spreadsheets

Enhancing liquidity management: 4 benefits of visibility

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rate and program terms are subject to change without notice. Mortgage, home equity and credit products are offered by U.S. Bank National Association. Deposit products are offered by U.S. Bank National Association. Member FDIC.