Of course, the coverage offered by standalone policies varies, Shey notes, but it typically covers costs associated with business interruption, incident responses, forensics, and other standard services arising from a cyber event. Some also cover the costs of ransom payments and negotiator fees.
Still, Shey says coverage “can be very carrier- and country/region-specific, and a lot can be negotiated.”
The insurance market has seen several years of volatility, says Andy Moss, a partner in the Insurance Recovery Group in the Litigation Department at law firm Reed Smith. A spike in cyber events in the late 2010s set off a wave of claims, which was followed by pandemic disruptions and headline-making ransomware attacks. As a result, prices for cyber insurance surged and insurers implemented more restrictive policies, Moss says.