What Key Things To Look For In A Good Cyber Liability Insurance Policy

November 1, 2022    •    3 min read

As the number of successful cyber attacks continues to grow, so does the need for adequate cyber liability insurance. But what exactly should you look for in a good policy? Here are a few key things to keep in mind.

A good cyber liability insurance policy will have a few key components:

  1. First, it will provide broad coverage and a clear description of what is covered.
  2. It will cover your losses and the losses other third parties incur because of the incident.
  3. It will provide adequate financial protection.
  4. It will be through a reputable insurer.


First, a quality policy will have a clear and concise definition of what is considered a “cyber event.” New cybersecurity risks are found every day. You want to be protected against as many variations as possible. Ensure the policy has a broad scope to maximize the odds that you are covered for all cyber risks. Everyday events you want to make sure are covered include:

  • Fraudulent charges: If your company’s account is hacked and used to make unauthorized charges, you’ll want to be sure your policy covers the resulting loss.
  • Data breaches: An excellent cyber liability policy will also cover the costs associated with a data breach, including notifying customers of the breach and providing them with credit monitoring services.
  • Cyber extortion: If your company is the victim of a ransomware attack,  your policy should cover the cost of paying the ransom demand and any resulting business interruption.


A quality policy should provide coverage for both first-party and third-party liabilities. First-party losses are the losses you incur because of the incident. For example, such first-party losses include ransomware payments, remediation costs, regulatory fines, and business interruption. Third-party losses are those losses that others incur because of the incident. For example, third-party losses are created when you are sued by someone who suffers damages due to your data breach. Such damages include losses due to reputation damage, litigation costs, and settlement expenses.


A quality policy should have reasonable limits on coverage and deductibles. While you don’t want to be underinsured in a significant data breach,  you also don’t want to overpay for coverage you may never use. For example, your company may not require media liability coverage that is included in a proposed policy. If unnecessary, this may be a premium you don’t need to carry. This is why working with a broker/insurer knowledgeable in your industry is important (discussed below). Also, be cautious of sub-limits that may expose you to specific common scenarios. If your policy offers $2 million in coverage, but “Business Email Compromise” has a sub-limit of $100,000, you could be left with hundreds of thousands of dollars in uncovered losses if someone tricks your CFO into transferring $475,000 to a fraudulent bank account.


Choosing a reputable insurer is essential to getting the coverage you need. At a minimum, three key things to look for are:

  1. Financial stability –  Find an insurer that will be around for the long haul and has the financial resources to pay claims. Check ratings from independent agencies like A.M. Best and Standard & Poor’s to get an idea of an insurer’s financial strength.
  2. Cybersecurity expertise – Your insurer should deeply understand your business’s cybersecurity landscape and risks. Ask about an insurer’s claims-paying history and whether it has dedicated resources to handle cyber claims.
  3. Deep expertise in your industry – An insurance carrier should know and understand the risks associated with your particular business and its nuances. For example, an insurer should have experience handling retail claims if you run a retail store.


As our everyday life continues its move online, businesses must do everything possible to protect themselves from digital attacks. Effective protection requires a layered approach. While having multiple high-quality layers of protection will greatly reduce your risk of cyberattack, it can never drive that risk to zero. That’s why cyber liability insurance is one essential piece when safeguarding your business in the digital age.

About the Author – David Myers

A long time believer in the idea that technology would disrupt the practice of law, David Myers spent 14 years in the IT industry. He consulted on line-of-business applications, built servers, migrated businesses to “the cloud,” earned coveted certifications from Sophos, LexisNexis, and Microsoft, and eventually focused on keeping computer systems secure in an increasingly dangerous world. At the same time, he continued to practice law while developing a complementary skill set covering data privacy and cyber security laws affecting the modern business environment.

In August of 2021, he left the consulting space to begin a new journey with Buckingham, Doolittle & Burroughs, LLC. Buckingham has served businesses in the Cleveland, Akron, and Canton areas for over 100 years. Now, as part of that family, he passionately provides white glove treatment for cybersecurity, data privacy, and technology law issues to businesses of all sizes across Northeast Ohio.

Original article created by Ashton Technologies

Share this:

David J. Myers

Partner | Cleveland

[email protected] 216.736.4230


Our attorneys will provide a collaborative, thoughtful approach to your legal needs. We look forward to connecting with you.