Close this search box.
Close this search box.

5 Cyber Insurance Policy Gaps that Can Spell Disaster for Companies

More than 1 in 4 board members (26%) consider cybersecurity to be the highest priority for their corporation today, according to a new report from Bay Dynamics—and for good reason.

Between 2013 and 2015, the number of records exposed by data breaches grew from 49 million to over 121 million, costing companies an average of $201 per record lost, or a total of $9.8 billion.

The growing frequency and cost of cyber attacks has led many companies to purchase cyber liability insurance. Premiums for these policies are expected to surpass $20 billion by 2025, up from $2 billion in 2015, according to Allianz Global.

Despite the growth in cyber insurance coverage, however, policies often fail to keep up with the latest cyber threats. As a result, many companies that have been victims of cyber crimes—even those with cyber liability insurance—have lost profits, struggled to fully recover from attacks, and have been held liable for cyber damages.

“Despite the growth in cyber insurance coverage, policies often fail to keep up with the latest cyber threats.”

To be fully protected, here are 5 components that a company’s leadership team needs to ensure are included as part of its cyber liability insurance policy.

1. Ransomware protection. When ransomware attacks occur, an organization’s files or entire system are locked until a specified amount of money/ransom is paid to the perpetrators. 2016 has seen a string of ransomware attacks targeting a number of industries, especially healthcare. Ransomware typically comes from either compromised websites or email attachments, and employees are tricked into opening attachments that then install ransomware. Due to the large amounts of damage caused by ransomware attacks, cyber insurance providers are sometimes reluctant to expose themselves to such a high level of risk, and therefore don’t always offer ransomware coverage in their basic policies. As a result, companies considering insurance should ensure that ransomware protection is included.

2. Legal tender vs. monies. As ransomware attacks continue to increase, it is essential for insurance policies to clearly define and cover both “legal tender” and “monies.” Legal tender refers to government issued circulating currency, while monies refer to a medium of exchange that will hold value for a long period of time. In the cyber realm, this is most often the Bitcoin, which is the type of payment usually demanded by those committing a ransomware attack. Companies without coverage for monies may not be eligible for reimbursement of a paid ransom in the event of a ransomware attack.

3. E-business interruption. In the digital age, the operation of a company’s website is often directly linked to its ability to do business and earn money. However, in the event of a cyber attack, websites are often disrupted—a server can fail or ransomware may lock a web page. Companies, especially those that depend solely on e-commerce for their sales, must be sure that their cyber policy covers e-business interruption.

4. Third-party corruption. One common way that malware is introduced into a company’s system is through a third party. If a business unknowingly sends a corrupted email to another business, thereby compromising their system, the question becomes: who is responsible? The affected business may hold the sender/third party responsible, even if the harm was unintentional. In this instance, if the “culprit” is sued by the affected business, it may be assumed that an insurance policy will cover the costs. However, if coverage for third-party corruption is not explicitly stated in the policy, it is likely not covered. As a result, the business that unknowingly passed along the virus will have to deal with the costs of repairing the damage from the incident.

5. Exclusions. Even if the four previous components are included in a cyber liability policy, they can count for little if companies do not carefully review the exclusions within a policy. For example, a company’s policy may exclude:

  • Paper files containing protected information
  • Unencrypted data
  • Claims brought by regulators or by the government
  • First-party notification expenses for disclosing personal health information, corporate confidential information or personal identifiable information

As cybersecurity threats continue to evolve, it is vital for companies and their leadership teams to be constantly analyzing and updating their cyber liability policies. Failure to do so can have potentially disastrous consequences.


  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events


    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)


    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.