I manage a small IT team. I'm getting asked by upper management to review a cyber liability insurance policy offered by the company's insurance provider. I'm curious as to how popular this kind of policy is. Does your company/startup have one? What criteria should one keep in mind when reviewing such insurance policies?
Thank you all for your comments.

I worked in insurance. Not this kind of insurance. This is not "professional advice."

Insurance is about managing risk. What risks are you managing?

Insurance is specifically about managing the financial risks involved. So, for example, sometimes people buy Key Employee insurance to make sure they can pay the bills while shopping for a replacement for the individual in question because the business won't function while their position goes unfilled. Key employees tend to be hard to replace, so it could be empty for some weeks or months.

How much to buy? Well, break out your calculator and figure out how much money you need to protect against the expected issue.

For life insurance that hypothetically works like this:

"I hypothetically am the primary breadwinner and have one child who is 14 years old. I want enough life insurance to make sure they are provided for until they graduate college in an estimated eight years. Multiply my current salary by eight years, tack on the cost of tuition and you are in the ballpark of a rough estimate for how much insurance to buy."

Also ask yourself if there are other, better ways to protect yourself. I paid accident claims. A lot of the claims I paid were "accidents waiting to happen."

If you want protection against accidents ruining your business, developing ways to reduce the odds of an accident happening will generally be a better investment than accident insurance.

If you want to make sure your family isn't burdened with the high price of funerals, a pre-paid funeral can serve that need better than insurance.

Canadian startup here. Yes; our general liability insurance has cyber provisions in it.

Usually upper management asking is either because a customer needs certain provisions or they want to make sure a certain class of risks are covered. I’d suggest you clarify what they need and then talk to your insurance broker.

Case in point: general liability could cover a breach but might not cover ransomware attacks.