Save as PDF


If You Are Having Difficulty Obtaining Adequate Cyber-Insurance Coverage, You Are Not Alone

March 17, 2023

Hall Estill Newsletter

View Full Article

Hall Estill Attorneys have heard that some businesses are having difficulty obtaining adequate cyber-insurance coverage. Standard IT/software contracts typically require mutual security and storage obligations as well as insurance coverage in the event of a claim. However, obtaining adequate coverage can be more difficult than ever because of the increasing frequency of claims. 

In its 12th annual Cyber Claims Study, NetDiligence found that ransomware payments now average $270,000, with ransomware being the most frequently occurring claim and the number one most expensive covered claim by total dollars. Combined with overall increases in other forms of claims (i.e., business email compromise, business interruption, etc.), insurance companies are becoming more stringent in application requirements and more conservative in policy limits.

In spite of this, coverage can typically still be obtained based upon your overall needs and budget, but you may have to look outside of your traditional agent to find the right policy. For example, there “active insurance” companies that exist that provide up to $15 million in coverage and also provide monitoring and threat detection services as part of your premium. 

Typical requirements for cyber-insurance policies are multi-factor authentication, end-point detection and response, business interruption plans, privacy policies, and mandatory employee training on privacy and breach response. If your company is in need of cyber-insurance or higher limits, our Cybersecurity and Data Privacy Practice Group can assist you through the process, including preparation of appropriate policies and procedures that may be required by the insurance application.  

Please do not hesitate to contact your Hall Estill attorney or a member of the Hall Estill Cybersecurity and Data Privacy Team if you have any questions.