Recovering from data breaches typically requires working with several companies, or vendors as they’re known in the insurance industry. The vendors that a business is allowed to use after a breach is often determined by the business’ cyber insurance policy -- and what vendor’s a policy lets a business use can significantly affect how quickly and well the business is able to recover from a data breach. If you run a business in Massachusetts, here’s what to look for regarding vendor requirements when you’re comparing cyber liability insurance policies.
Following a Data Breach, Will My Business’ Cyber Insurance Cover Any Vendor’s Services?
See If You Can Find a Cyber Insurance Policy With Little Restrictions
Most cyber insurance policies place at least some restrictions on what vendors can be used to recover from a data breach, and you’ll likely have a hard time finding a policy that doesn’t have any restrictions. If you do, such a policy might be prohibitively expensive.
Nevertheless, it’s worth looking for a policy that doesn’t have any vendor restrictions. Each policy has its own terms and conditions, so there’s a chance that you could find a policy without restrictions. Should you come across a policy that’s affordable and doesn’t have restrictions, this will probably be one of the better options available. Such a policy would let your business choose who it works with following any data breach, so you could choose the best vendors available.
If you aren’t able to find a policy that has no restrictions, look for one that at least has the two features listed below.
Look for a Cyber Liability Insurance Policy That Permits Using Internal Resources
First, it’s often wise to look for a policy that permits using internal resources in the recovery of a data breach. Some policies won’t let businesses use their own resources to recover from a data breach, but some insurers may offer policies that permit using your business’ resources.
Finding a policy that lets your business use its own resources could help defray the cost of recovering from a data breach. Exactly how much your business could save will depend on what resources it has, but any savings could help.
Seek Out an Insurer That Lets You Submit Vendors for Approval
Second, you may be able to get a policy that restricts vendors to a pre-approved list -- but lets you request that specific vendors be added to the insurer’s list. Some Massachusetts insurers are willing to add vendors to their list (even if they don’t advertise that they’ll do this), as long as the vendors meet their requirements. This will let your business use the vendors it wants even though the policy technically restricts vendors to those listed.
If you already know of companies that you’d want to work with in the event of a data breach, request that these vendors be approved before signing up for a policy. By getting approval before purchasing a policy, you can be sure that any companies you want to be able to work with will be approved.
If you don’t currently know of any companies you’d want to hire to help your business recover from a data breach, finding an insurer that will let you submit vendors for approval in the future is sufficient.
Talk to a Massachusetts Insurance Agent Who’s Familiar with Cyber Liability Insurance
Sorting through cyber insurance policies’ vendor restrictions can be fairly complex. For assistance with this aspect of finding cyber coverage, contact an independent insurance agent in Massachusetts who’s familiar with cyber liability insurance. An independent agent who’s knowledgeable about cyber policies will be able to help you sort through policies from different insurers.