Considerations When Shopping for Cyber Insurance

I just returned from the RIMS2020 conference in San Francisco, and while the newly built façade of Moscone Center was impressive, COVID protocols were dialed in, and many friendly faces were happy to be in a communal business setting again, there remains a pervasive cloud of confusion around the accessibility and efficacy of cyber insurance.

Cyber Insurance: How Protected Am I?

Make no mistake, a growing number of organizations understand the need for cyber insurance. After all, it could be the difference between winning or losing a large contract for your organization or acquiring that next round of investment your board is advocating. Most importantly, it could be the assurance you need for the longevity of your business in the face of cyber-attack.

But cyber insurance alone is not a panacea, and even firms that have cyber insurance may not be as protected as they think. In speaking with several insurance companies, I’ve learned that unlike traditional lines of business such as private auto insurance, where standard policies provide liability or collision coverage, cyber insurance policy language is not standardized. The types of risks covered under cyber insurance vary significantly across policies, and businesses and insurers don’t always agree on what loss events are covered under those policies, which makes collecting on a claim challenging.

Due to limited loss history and lack of legal precedent, cyber insurers, operating in a fast-developing market, instead must rely on several indirect factors to set policy pricing appropriately. These factors include market estimates of the cost of cyberattacks, risk assessments to determine the riskiness of the insured, the industry sector of the insured, their own underwriting experience and comparative pricing by other insurance companies.

And because cyberattacks are constantly evolving as both private and state-sponsored hackers develop new methods to infiltrate networks, underwriters are chasing a moving target. The rapid evolution of hacking capabilities and the frequency of attacks, both driving rising costs, make it difficult for insurers, who have historically relied on clients having relatively consistent risk profiles (such as decades of driving risk data), to price risk.


Yesterday’s attacks do not necessarily inform us about tomorrow’s risks. As a result, the cyber insurance market only covers a small percentage of the overall losses caused by cyberattacks.


The Evolving Cyber Insurance Market

We are seeing the insurance market evolve, however. Insurance companies are beginning to write cyber insurance contracts that more explicitly define inclusions and exclusions, and this trend should help limit disputes over cyber coverage. Insurers also recognize that predictive cyber-risk models are crucial to accurately pricing future cyber risks. Additionally, insurers are taking steps to develop and offer advisory services that help their clients improve adherence to cybersecurity standards and develop practices that help businesses avoid catastrophic attacks to begin with.

What Should You Consider When Shopping for Cyber Insurance?

Shopping for cyber insurance can be daunting and overwhelming. Below are a few points to consider when you're on the hunt for coverage.

[Image: Considerations When Shopping for Cyber Insurance]

In summary, the cybersecurity insurance industry is flush with varying types of coverage and cyber liability products. Ask the right questions during the buying process and remember that for the greatest business preservation, your cyber insurance strategy should coalesce with your risk management program.


Here at 6clicks, we have a truckload of cyber risk-focused checklists, risks, controls, assessments and playbooks inside our ever-growing Content Library.





All we want to do, every day, is make the world of GRC easier to manage. We can't do that without you, so we hope to hear from you real soon!


Team 6clicks
