Wordfence just published an interesting article on the current state of cyber insurance. As the authors state, "Wordfence and our team do not sell cyber insurance. This is report is informational and as a courtesy to our customers".

Cyber Insurance: Should You Get It?
by Mark Maunder, Wordfence Blog
September 5, 2017

Cyber insurance is a relatively new market, and it is challenging for both customers and for insurers.

The challenge for insurers is that they do not have much historical data they can use to price risk. In addition, they face the problem that cyber attacks keep evolving. There also is a risk that insurers will have to pay out for a large number of breaches simultaneously. Insurers may have difficulty understanding what to cover in a highly technical and rapidly evolving field.

Buyers of insurance, who are mostly non-technical, may have trouble understanding risks and their insurance options. Buyers may also find that the risks associated with a cyber breach cover a wide range of policy types. Policies lack standardization, and most countries lack a body of legal precedent to help predict outcomes when there is a dispute.

Some of the kinds of loss a company may experience during a cyber breach are:

  • Direct monetary loss through electronic theft.
  • Losses due to extortion from DDoS blackmail or ransomware.
  • Costs of mitigating and investigating the incident.
  • Losses due to downtime.
  • Losses from damage to data and systems, and the costs associated with restoring systems back to normal.
  • Costs of remediation, including the cost to improve security and prevent a similar breach going forward.
  • The cost of customer breach notification, including legal costs and public relations.
  • Expenses of customer compensation, including credit monitoring, service-level agreement penalties, refunds and contractual breaches.
  • Costs of liability associated with the breach, including legal costs.


Policies to cover such diverse risks are complex, which presents a challenge to insurers who have trouble pricing the risk, and a challenge to consumers who could have trouble understanding the coverage....

Cyber Insurance Policies Donít Always Pay
The past few years have seen several high-profile examples of cyber insurers refusing to pay out, and the issue has usually ended up in court.

Read more...