In last week’s post, I discussed Tech PI insurance as opposed to Cyber Insurance for a Software as a Service (SaaS) provider. This week, I want to discuss three important questions you need to ask your insurer when applying for Tech PI (or cyber for those non-SaaS readers) insurance policies.
Does it cover Activities, Clients or Records?
Ideally as a SaaS provider, you want your insurance to cover on a per client or per activity basis. As I discussed previously, insuring per record is very difficult if not impossible for a SaaS provider. For most policies, you’ll find that you can specify the number of records for internal cyber insurance – such as employee records, finance, human resources and so forth, while specifying activities such as hosting or the service you provide to clients for your Tech Professional Indemnity.
Are there regional exclusions?
This is a major issue if you are hosting in different regions or providing your service to different regions. Many insurers flat-out exclude the USA from policies, though that is changing. You want to ensure that all the regions in which you operate are covered by your policy and that it’s truly global.
Does it cover First Parties or only Third Parties?
A tricky one that needs to be asked! Some insurers will only provide third party data privacy insurance as part of Tech PI. What this means is that you are not covered in the event of notifying or compensating the first party (the data subject whose data has been breached); you are only covered, for example, for your expenses in investigating and securing your environment. Ideally, you should have a policy that covers both, as the initial crisis management is a very expensive component of a breach!
I hope this helps in selecting an insurer and a policy. While there are roadblocks on the way to effectively insuring, it is definitely something that can be done if you have the right policy and ask the right questions! If you or your company needs assistance in complying with data protection regulation, why not reach out to Ross G Saunders Consulting? Through our network of specialists, we provide end-to-end data protection solutions to customers ranging from small businesses to enterprise level.