Getting cyber insurance cover is easy.
Getting cyber insurance coverage that is adequate and up to speed to current threats: totally different story.
Currently, very conservative and traditional insurance companies are trying to deliver top-of-the-line products; mostly to customers who don’t need them.
So what’s up with that?
While ago, I tried to sign an e-commerce business with an insurance company that appeared to be very advanced in signing cyber insurance contracts.
During the negotiations however, it turns out that they generally ruled out e-commerce businesses.
The main argument was that an e-commerce business could fall victim to a denial of service attack.
My counter argument was that any conventional business could burn down, and still they wrote insurance policies for the buildings of this client.
I went on to argue that denial of service attack’s are easily mitigated through various means; the most important one of which is a content distribution network.
Still, the insurance company wouldn’t budge.
Having close connections inside the insurance company I went ahead and looked at their exclusion list. And it was terrifying!
I ended up working with them to reduce the general exclusions, and softened up some of their strict policies towards certain types of businesses. And now, they are doing tremendously well and signing up risks, which are manageable.