Cyber security insurance – some advice – Updated

The original article was published on 1 March 2022.

I am often asked my opinion of cyber security insurance, particularly if I think it will cover a particular type of incident and loss. I have been asked for my opinion on the tendency for some cyber security companies to bundle insurance into their offerings. I am not going to share my thoughts here about those opinions but simply point you at this article on Bruce Schneier’s blog:

Insurance Coverage for NotPetya Losses – Schneier on Security

Now this case is from the US – so we need to remember that.

My advice when it comes to cyber security insurance:

  • Read the terms and conditions of the policies very carefully, then…
  • Discuss those terms and conditions with both cyber security and insurance experts so you know what you are getting
  • Make your mind up once you have the facts
  • Expect any claim you make to be difficult to complete – that is not the fault of the insurance companies they just like to be sure. I have been involved with various insurance claims over the years and have a tried and tested procedure to ease this part of the process.
  • Terms and conditions for policies will change.

Updated 3 March 2022

Here is more on cyber security insurance for you to think about:

Cyber insurance policies may be put to the test by Russian attacks, credit ratings firm warns – The Record by Recorded Future

Clive Catton MSc (Cyber Security) – by-line and other articles