Setting your cyber liability insurance limits can be tricky if you don’t have a clear idea of what you need. Evaluating your risk exposures and prioritizing your options before you apply can help you get the most out of your coverage.
In this article, we’ll unpack insurance application lingo and explain, in plain language, how these terms affect your policy.
Cyber insurance lingo to know
Claims-made
Most standard cyber liability policies are written on a “claims-made” basis.
Claims-made means the cyber policy will apply only to claims made during the policy period. In other words, you must file claims within your policy’s active dates. Alternately, for an added cost, you can purchase an extended reporting period (ERP) to stretch your policy’s claim dates beyond the usual one- year period.
For example, suppose a hacker infects your server with a virus that goes undetected until after your policy lapses. In that case, you wouldn’t have coverage even though the event occurred while your policy was active. An ERP would help cover that gap.
Defense within limits
Standard cyber liability policies also usually contain a “defense within limits” clause. Defense within limits means legal retainers and defense costs reduce your overall cyber liability limits. They come from the same coffers that pay legislative fines, settlements, monitoring and data restoration expenses. Your insurance company will stop paying once you hit your policy’s limits, even if you’re in the middle of a legal defense and settlements are still up in the air.
When choosing your limits, think about your ability to self-fund if a cyber claim exhausts your limits. Ask your agent about separating limits on certain liabilities like legal fees or restoration.
Insurance terms
Cyber liability insurance policies vary widely. You can choose the coverage options you want, aka insurance terms. (More on this below.)
Retention limits
You can also select limits, known as “retention limits,” that go with each of your individual cyber coverage choices.
Retention limits are an amount you agree to pay out of your own pocket to cover your claim. Decide on retention limits that you can safely handle.
While retention limits sound like deductibles, it’s important to understand that they’re not exactly the same. With a deductible, you’d pay the agreed amount and the insurance company would take care of everything else with the claim. Retentions, on the other hand, may require you to play a role in your claim in addition to payment, like defending against the loss.
Ask your agent to explain how the insurance company handles its retention limits. Clarify the retention limits again, before you sign the policy. Make sure you understand which retention limit is used when there are multiple triggers on your policy from a single cyber event. Typically, you’d only pay one retention limit, the highest one of the applicable coverages.
Customizing your cyber liability insurance terms
Most insurance companies offer customizable cyber insurance policies. You can choose the coverage options that suit your risk levels and business needs. You might adjust your retention limits in specific areas or omit specialized coverage based on your industry and operational risk.
Cyber insurance terms typically include the following:
Artificial intelligence and your risk exposure
Launching an artificial intelligence (AI) technology requires extensive planning. From a cyber insurance perspective, AI is like any other technology that needs to be protected. If you’ve already integrated AI into your business, assess its impact on your operations. If you’re still shopping around, remember your liability as you narrow your AI options.
Cloud services might put some onus on outside vendors (for any technology, not just AI), but that doesn’t absolve you from liability. Outsourced technology can still affect your bottom line and create a liability risk, depending on your business setup.
Start by evaluating the purpose of your AI and how you’ve configured it. Does it rely on an external service, or can it remain functional using internal servers within your control?
The types of safeguards, human oversight and autonomy you’ve allowed for your AI also affect your liability exposure. Are you allowing AI to make decisions on its own? If your AI malfunctions due to an internal or external cyberattack, you’ll need a plan to take it out of service.
Here are some coverages to consider if you’re using AI-aided systems:
- Privacy and security: Chatbots might need extra privacy and security coverage. They handle large amounts of sensitive customer data.
- Data restoration: AI systems learn and improve from data collected over time. Since the accumulated data is critical for AI tools’ effective operation, this coverage is beneficial.
- Cyber extortion or ransom: AI could become a target for hackers who encrypt data until their ransom is paid.
- Computer and legal experts: You might need complex technical and legal expertise to fix the issues and navigate legal consequences after a cyberattack on your AI.
- Business interruption: An AI compromise might lead to revenue loss if your AI technology is integral to your business operations, like a call center or automated service desk.
- Dependent business interruption: This coverage could help compensate for lost business income if your AI’s service provider goes offline after an attack.
Review your tech and talk to your insurance agent
When completing your cyber insurance application or renewal, review your technology protocols.
If it’s a renewal, don’t just re-up your application. Tell your insurance agent if you’ve added AI, improved your employee cyber awareness training or elevated your cybersecurity standards. You might qualify for discounts or improved coverage options.
If it’s a new application, inventory your tech, gather your written cyber policies and choose your coverage options. Your independent agent can help match you with the best insurance company for your needs.
