Don’t Buy a Cyber Policy

By Scott Popilek, Managing Director - Atlantic Regional Leader

Don’t Buy a Cyber Policy

The headline on this article probably strikes you as out of touch with the current state of the cyber marketplace. Both the frequency and severity of cyber related claims are multiplying exponentially. For example, In the past three years the average ransomware claim has increased from $50,000 to over $500,000. Also, it is now projected that 90% of US companies will have experienced a cyber related event by the end of 2022.

As you can imagine, the rise in both frequency and severity of incidents has created tremendous pressure on carriers offering Cyber coverages. That pressure is compelling carriers to increase pricing, reduce coverage limits, remove cyber sub-limits from non-cyber policies and pushing more risk on insureds in the form of higher retentions. So, if all this is happening then why in the world would we say, “don’t buy Cyber coverage”?

Because, in today’s environment you should be buying more than a policy. You should actually be buying into a cyber process – an approach that includes, but delivers much more than, an insurance policy.

We’ve all heard the old adage noting that a doctor cannot prescribe the correct treatment if they haven’t done a thorough examination. The same holds true for Cyber coverage. How in the world can you get the right Cyber coverage, if your broker hasn’t assisted you in a thorough examination and assessment of your risk? The answer is they can’t.

Your broker should be slowing the buying process down - conducting a thorough assessment of your IT infrastructure and existing cyber risk mitigation measures to ensure the policy you purchase responds properly at the time of loss. Getting cyber wrong could put the financial health of your organization at risk and possibly even force you to close the doors.

When we work with our clients, we focus on some key areas to ensure we get it right:

  • Education – Industry trends, threat assessment, regulatory overview

  • Risk Assessment – Vulnerability scan, third party assessment, incident modeling

  • Risk Management – Tabletop exercise, incident response planning, employee training

  • Risk Finance – Carrier, self-insurance, captives

  • Policy Creation – Manuscript to your unique profile, recommended limit, peer benchmarking, retention analysis

  • Incident Response – Coverage counsel, data breach coach, monitoring counsel

  • Claims Handling – Reporting, broker advocacy

If you’re interested in a broker that will slow the buying process down and partner with youto create a tailored Cyber Strategy for your business, please reach out. We can send along a simple assessment document that will allow us to begin the process of getting your Cyber coverages right.

Find me on LinkedIn, here.

Connect with the Risk Strategies Cyber Risk team at

Or email me directly: