The Best Cyber Insurance Policy Wordings for Small Businesses that Every Broker Should Know
Cyber solutions are evolving fast, changing how brokers should talk to their small business clients about their insurance needs.
Cyber solutions are evolving fast, changing how brokers should talk to their small business clients about their insurance needs.
Today’s conversations should focus on preventing losses before they happen, making it crucial for brokers to be well versed in cyber insurance policy wordings. But staying on top of these wordings can be tricky as policies adapt to keep pace with fast evolving technology and AI that are driving increasingly sophisticated cyberattacks.
Not All Cyber Policies are the Same
Not all policies are created equal, and the nuances in different cyber policy wordings can impact clients’ claims.
Understanding these nuances means brokers can help their clients distinguish valuable cyber policy features from potential pitfalls, explains Phil Baker, President of BOXX Canada and Global Chief Underwriting Officer.
“As cyber threats evolve, brokers need to stay one step ahead to ensure their clients are fully covered, without the surprises hidden in many standard policies – such as common event exclusions, lack of cover for theft of property, ransomware co-insurance clauses and breach response costs within the aggregate limit. With BOXX, there are no hidden surprises,” Baker says.
BOXX helps brokers rise to the challenge by providing simplified, comprehensive insurance policy wordings for small businesses. In addition, BOXX runs regular broker education sessions, including monthly accredited webinars to help them keep up with policy changes and remain confident when guiding clients.
Cyberboxx® Business 5.0
It’s no surprise Canadian brokers prefer to work with BOXX. As Canada’s leading all-in-one cyber insurance provider, BOXX earned an impressive 83% Net Promoter Score from Ontario brokers in 2023. This trust comes not just from its comprehensive cyber insurance policy but from its wraparound cybersecurity services and support, including:
- Attack Surface Management,
- Dark Web Monitoring & Hacker Chatter Alerts
- Proactive, real-time monitoring during the policy period,
- Cyber security training & risk assessment,
- Virtual Chief Information Security Officer (vCISO) Concultations, and
- In-house breach response team, Hackbusters®
Cyberboxx® Business 5.0 is BOXX’s flagship all-in-one cyber insurance and protection product, providing the most effective combination of cyber threat prediction, prevention and cyber insurance coverage to respond to the interconnected needs of today’s small businesses.
“What we offer is more than just insurance,” says Neal Jardine, BOXX’s Global Director of Cyber Risk Intelligence & Claims. “It’s an all-in-one solution to keep clients secure that responds when their business is threatened. This helps brokers know that when they recommend BOXX, their clients will have peace of mind.”
As a trusted and leading cyber provider, BOXX is there to help brokers decipher the critical elements of cyber policy wordings to enable their clients to make informed choices.
Here’s what BOXX recommends every small business broker in Canada should know:
1. BOXX’s Comprehensive Base Policy Form
Many cyber providers rely on multiple endorsements to customize their policies – which can cause coverage gaps, with overlapping clauses possibly negating coverage.
“Multiple endorsements can inadvertently cancel each other out, leaving clients exposed,” says Stephanie Banning, BOXX’s Head of North American Underwriting. “With BOXX, we’ve created a unified base policy form that reduces these risks, ensuring no hidden traps.”
BOXX’s 5.0 policy form ensures that clients stay protected from evolving cyber risks, adds Banning.
“Aligned with BOXX’s vision to make the world a digitally safer place, Cyberboxx Business 5.0 addresses the growing complexity of cyber insurance policies with a simpler and complete base form, making brokers’ lives easier. The policy wordings are designed to make cyber insurance more accessible to the many businesses that are vulnerable to cyber risks,” Banning says.
2. Data Recovery Costs – The “3 Rs”: Replace, Restore, or Repair
Data recovery is critical after a cyberattack, but not all policies offer comprehensive recovery options.
BOXX ensures businesses have access to the full spectrum of data recovery costs, allowing for replacement, restoration or repair – essential options if data recovery from backups isn’t possible. Cyber policies should include the “3 Rs” of data recovery options:
- Replace data if unrecoverable from backup.
- Restore from backups where possible.
- Repair damaged data.
“Brokers should look for policies that prioritize the ‘3 Rs’ – replace, restore, or repair,” says Jardine. “This approach ensures that businesses are supported in every stage of data recovery, providing greater resilience during a cyber crisis. We live in a digital world, protecting data should be a top priority for any business.”
3. Nil Deductibles with Hackbusters® Support
BOXX takes a unique approach to supporting clients during suspected cyber incidents by offering “no deductible, no claim required” assistance through the BOXX Hackbusters team, Baker explains.
“This differs from standard “zero deductible” policies which aim to encourage quick reporting but automatically log a claim when clients seek help – impacting the client’s claims record and eroding their policy limit.”
BOXX’s in-house Hackbusters team made up of breach response and cyber security experts help clients to assess the situation upfront without requiring a claim to be filed immediately. “This ensures clients get the help they need while maintaining their claims-free status,” Jardine adds.
Additionally, BOXX rewards businesses that report suspected breaches to Hackbusters swiftly – normally within 24 hours – by waiving the retention fee if they choose to make a claim after talking to the Hackbusters.
This proactive approach not only encourages swift action to contain cyber threats and reduce damages but also protects clients’ long-term claims history and helps minimize their financial stress.
The BOXX Hackbusters resolves over 80% of reported cyber incidents without the need to make a claim, leaving clients the ability to focus on running their business Clients of BOXX spend less time making claims and more time growing their business.
4. Incident Response Costs in addition to the Policy Limit
One of the standout features of BOXX’s cyber policy wordings is a separate limit for incident response costs, preserving the main policy limit for indemnity payments. Incident response costs include retaining legal counsel, forensic investigation costs, credit monitoring, public relations and notification costs. Unique to BOXX, it also includes real-time identification monitoring of victims who have had their data exposed on the dark web.
“This ensures these expenses don’t eat into the main policy limit, which eliminates policyholders’ concerns of exhausting their insurance, thus limiting their ability to recover,” Baker says. “Brokers can emphasize this layered approach as a unique feature that maximizes coverage flexibility for clients, giving them the ability to fully recover without worrying about running out of resources.”
5. No Widespread Event Exclusion
Cloud-based systems have become integral to many business operations, yet some cyber policies exclude system failure losses linked to cloud failures if more than one party is affected.
BOXX takes a different approach, offering comprehensive system failure cloud environment support in the BOXX 5.0 base form, with coverage for:
- Income loss,
- Increased operational costs, and
- Data recovery expenses.
“BOXX’s policy is designed to ensure clients are covered even during widespread events. This is crucial for clients who rely on cloud-based services like Microsoft Email & SharePoint, Amazon, Google Workplace,” Banning says. And today, almost half of non-technical small businesses rely on cloud services.
She recommends that brokers read cyber policy wordings around system failures carefully and understand the risks of cyber incidents like the CrowdStrike Outage, in order to better advise and protect their clients.
6. Combined “Pay on Behalf of” and Reimbursement Coverage
Many cyber insurance policy wordings typically employ either “pay on behalf of” or “reimbursement” language, which may not cover the nuances of all cyber losses.
BOXX’s policy integrates both methods, allowing for “pay on behalf of” or reimbursement coverage, whichever is better suited for the insured.
“Brokers can reassure clients that BOXX’s dual approach provides responsive and tailored financial protection. It’s about offering what’s best for the client in every scenario,” Baker says.
7. Does the policy offer real human support?
In addition to scrutinizing cyber policy wordings for businesses, brokers should check whether they’re offering their clients actual human, local support.
Cyber incidents are high-stress situations that require a rapid personalized response from knowledgeable experts – “real humans in real time”, Jardine says.
But many Canadian providers rely on outsourced or automated response teams, leading to delays of up to two weeks. “That’s too late to respond to a rapidly escalating event. Every second counts,” he adds.
BOXX’s in-house Claim team, Underwriters and Hackbusters breach response team are all based locally in Canada, with local decision-making and the ability to act fast.
Hackbusters is composed of cyber security experts who help contain cyber incidents and respond to breaches, providing 24/7 real-time, local human support – which makes all the difference when your clients are faced with cyber threats.
“With BOXX, clients don’t have to wait two weeks to get a response from a London or US based MGA,” Jardine says, adding: “Hackbusters isn’t just about responding to cyber crises. It’s about predicting and preventing them.”
Jardine, together with Jack Brooks, Head of BOXX Insurance Hackbusters and vCISO, are available for brokers and their clients at any time to answer questions or chat about suspicious activity.
Comprehensive Cyber Solution
Cyberboxx Business 5.0 offers comprehensive cyber protection with one of the broadest base forms in the Canadian market, superior coverage tailored to today’s interconnected, cloud-based businesses, and fewer endorsements to eliminate coverage gaps. With BOXX, brokers benefit from direct access to empowered underwriters and in-house breach response, claims and underwriting teams. Your small businesses clients receive unparalleled support and peace of mind through Hackbusters incident mitigation without filing a claim.
By leveraging BOXX’s innovative policy wordings for small businesses in client discussions, brokers can deliver exceptional value and protection.
“Our purpose is to help make digital protection easier – so brokers are better informed, and clients are always protected and empowered in an ever-changing cyber climate,” Baker concludes.
*Subject to policy terms and conditions
Interested in more real-life cyber tips?
Sign-up for the BOXX Newsletter today.
Join over 5,000+ others that receive our newsletter updates. Filled with expert advice and product announcements to help prevent a cyber incident. Get insider access to news around BOXX innovations, cyber tips and case studies that allow you to stay up to date on all things cyber.