8 Cyber Insurance myths debunked

With many employees now having to work from home, Cyber Insurance is becoming increasingly important. In these unprecedented and difficult times, we remind you of the benefits and importance of Cyber Insurance.

If you are interested in a cyber policy, initially, we will only ask you only 3 questions to get the ball rolling on your quote. Contact us at enquiries@mcclarroninsurance.com and quote code Cyber20 for a complimentary review.

For buyers of cyber insurance, these are confusing times. The news is peppered with stories purporting that cyber policies are not fit for purpose and even worse, that cyber insurance claims are not getting paid.

We can set the record straight. This is an incredibly important line of cover for modern businesses of all types and sizes, and cyber policies are evolving rapidly to meet policyholders’ needs. One of our recommended cyber insurers, CFC, help us to debunk some of the misconceptions around this important cover.

Myth 1

“Cyber events caused by human oversight or error won’t be covered”

Whilst it is true that cyber insurance was primarily developed to deal with malicious cyber events, policies go far beyond this today, covering a wide range of losses caused by human error or oversight, such as lost laptops or social engineering scams. In fact, about 75% of the cyber claims made and dealt with are for events originally caused by human error.

Myth 2

“Only the legally required costs associated with a data breach will be covered”

The reality is that cover for data breaches is incredibly mature, having been an established part of cyber insurance policies for the last decade. Should a cyber event lead to a privacy breach, nearly every policy will pick up the costs associated with regulatory fines and penalties, breach management like the production and posting of letters, post-breach remediation, and crisis communications, even if you are voluntarily notifying costumers.

Myth 3

“System interruption cover will only cover the period of actual system downtime”

As interruption to your business can extend well beyond the period of actual system downtime, cyber insurance providers have developed this cover considerably over the last few years. In many cases, cover will automatically extend to 3-6 months as standard, to pick up losses incurred in the long aftermath of a cyber event, with the option to extend.

Myth 4

“If an outsourced technology provider experiences an issue that leads to a cyber event, it won’t be covered”

This is a relatively outdated concern. Today, any established cyber insurance policy will cover cyber events and system downtime experienced by the insured themselves and at least their third-party technology service providers, if not the full supply chain encompassing non-technology service providers too. In addition, data hosted with third parties is also typically covered.

Myth 5

“If a system has been recently updated, it won’t be covered”

Not only are systems updates part and parcel of most business’ operations, but it is not in the interests of cyber insurers to discourage businesses from bringing their systems up to date. After all, updates and new system implementation can improve security. For that reason, reputable cyber policies will not look to exclude events arising out of systems that are new or recently updated.

Myth 6

“If a contractor causes a cyber event, such as a data breach, it won’t be covered”

Most cyber policies are designed to cover the entirety of business operations. Just as with outsourced technology providers, most policies are designed to cover claims caused by third party contractors. In fact, it can be taken one step further and cover policyholders’ data wherever it is hosted and whomever it is breached by.

Myth 7

“It’s difficult to get cyber incident support and notify claims”

It is in the interests of insurers to encourage quick and easy engagement with policyholders if a cyber event occurs. If the last two decades of underwriting this class has taught the industry anything, it is that good incident response is key in containing the loss to a business and the subsequent cost of a claim. The industry is taking steps to make reporting a claim as easy as possible through 24/7 hotlines.

 Myth 8

“Cyber insurance doesn’t pay out”

Cyber insurance most certainly does pay out. Cyber insurance has a lower claims declinature rate than most other lines of insurance.  

Additionally, we have an in-house claims team; this means that all the claims we see are handled by us, and unlike a growing number of brokers and tied agents, we do not outsource our claims. Should the worst happen, we will be there to support you, managing any claims from notification to final settlement.


Contact us at enquiries@mcclarroninsurance.com or on 01653 697055 if you would be interested in a no obligation quote – quote code Cyber20 for a complimentary review.



More Stories