BURLINGTON, Vermont – Cyber liability risks can be effectively covered through captive insurers, but organizations should scrutinize their potential exposures and the consequences of taking on such high-severity, low-frequency risks before placing them in a captive, a panel of experts said.
In addition, if organizations opt to self-insure, they should ensure they don’t lose access to ancillary services that insurers provide to cyber policyholders, they said.
Companies considering covering cyber risks via a captive should thoroughly examine their information technology infrastructure, said John O’Neil, Springfield, Massachusetts-based assistant vice president, corporate insurance risk manager, at Massachusetts Mutual Life Insurance Co.
“Sit across the desk from whoever is responsible for IT security in your company and ask them the hard questions,” he said during a session Tuesday at the Vermont Captive Insurance Association’s annual conference.
In addition, risk managers should inform their senior executives before they put cyber risks into the captive, Mr. O’Neil said.
“Make sure they know that you’re thinking about putting cyber…