The original article was published on 1 March 2022.
I am often asked my opinion of cyber security insurance, particularly if I think it will cover a particular type of incident and loss. I have been asked for my opinion on the tendency for some cyber security companies to bundle insurance into their offerings. I am not going to share my thoughts here about those opinions but simply point you at this article on Bruce Schneier’s blog:
Insurance Coverage for NotPetya Losses – Schneier on Security
Now this case is from the US – so we need to remember that.
My advice when it comes to cyber security insurance:
- Read the terms and conditions of the policies very carefully, then…
- Discuss those terms and conditions with both cyber security and insurance experts so you know what you are getting
- Make your mind up once you have the facts
- Expect any claim you make to be difficult to complete – that is not the fault of the insurance companies they just like to be sure. I have been involved with various insurance claims over the years and have a tried and tested procedure to ease this part of the process.
- Terms and conditions for policies will change.
Updated 3 March 2022
Here is more on cyber security insurance for you to think about:
Clive Catton MSc (Cyber Security) – by-line and other articles

