Cybersecurity and cyber insurance

How a two-pronged approach can strengthen cyber resilience.

Updated: September 16, 2025

For many firms, cyber liability insurance provides critical protection from financial loss stemming from a cyber incident, from legal damages and business interruption, to crisis management and investigation expenses. But as it's a relatively new, evolving, and very specialized type of insurance, businesses must exercise due diligence when shopping around for a new policy or looking to renew their cyber insurance coverage.

Chetan Sehgal, Partner, Forensic Disputes & Investigations, has five practical pointers for leaders looking into choosing a cyber insurance policy.

1. Conduct a cyber risk assessment before buying.

Hidden vulnerabilities typically come to light only after a successful attack. Conduct a risk assessment of your control environment and develop a prevention program—or work with a firm that can—to purchase the most appropriate plan for your needs. A cybersecurity and forensics partner like BDO can also conduct a cost-benefit analysis to identify your blind spots so you can focus your insurance coverage on those areas, or, better yet, remove those blind spots prior to applying for insurance to avoid denial of coverage or high premiums.

"Once you understand your control environment, you can request quotes from several different underwriters to compare coverage options and conduct proper due diligence on not only the policy, but the insurance company."

2. Understand cyber insurance coverage and exclusions.

Work with your insurance broker or underwriter to ensure the policy fits your type of business and that you're fully aware of what's covered—but more importantly, what isn't covered.

"Review various cyber insurance options, familiarize yourself with the policy, and ask the right questions. We recommend that you be very mindful when selecting a policy to make sure it will apply to your situation. Work with experts who specialize in cyber insurance and have experience in your industry and geography to ensure you are getting the best possible advice."

3. Select a cyber incident response team you trust.

"If you've had a breach, it'll throw you into utter chaos as you try to be as operationally viable as you can. Dealing with an underwriter and other advisors you're comfortable with will make that process as smooth as possible. An effective response to a cyber incident is one that has been devised as part of contingency plan strategies and risk management. You need to have a team in place that can help you respond on short notice, including legal counsel, cyber breach professionals, and claim consultants or accountants."

4. Review and understand the fine print in your cyber insurance policy.

Insurance policies aren't created equal, and for cyber insurance, many buyers aren't fully aware of the pitfalls associated with these policies.

"Some insurance companies will conduct an assessment before they provide you with a policy and premiums. You have to understand what you're signing up for and what your responsibilities are to protect yourself. As the loss ratios on cyber claims have skyrocketed in the past year, the amount insurers cover appears to be declining while premiums are rising."

5. Implement a comprehensive suite of cybersecurity controls and protections.

"Once you understand your control environment, you can request quotes from several different underwriters to compare coverage options and conduct proper due diligence on not only the policy, but the insurance company."

Reactive and proactive cybersecurity measures working together

Above all, business leaders must not lose sight of the fact that cyber liability insurance is a reactive solution and does not prevent an attack from happening. That's a serious gap, because loss from cyber crime isn't just financial; it brings disruption to an organization's culture, operations, and reputation.

That means insurance is only one piece of the cybersecurity stronghold.

"Insurance is important because cyber attacks are happening more often, and it allows you to recoup some of your losses—but the bigger piece of it is prevention and addressing the root cause, which is plugging the holes in the potential for those attacks. You can't rewind if data is exposed."
Chetan Sehgal

Businesses that double down on developing a well-designed business network defense strategy, securing their endpoints, and launching proactive detection and response mechanisms are better primed to recover with minimal damage.

How BDO can help you understand your cyber insurance needs

From quantifying the post-incident losses to proactively helping you understand the appropriate level of cyber liability coverage, BDO can support your business throughout the insurance cycle.

We often get retained to deal with post-incident response, but our counsel doesn't stop there. Our cybersecurity and digital forensics team can help fortify your organization using proactive tactics that include focusing on employee awareness and training, conducting due diligence on your company's preventive controls, and quantifying risk to help you ensure the cyber insurance policy you choose meets your needs.

The value of working with BDO on your cyber insurance includes:

An applied approach to identify vulnerabilities
BDO can help you build or evaluate your company's incident response plan using techniques like ethical hacking simulation exercises and network penetration testing. Addressing the people component of cybersecurity, we can run phishing simulations to build employee detection skills and provide training on spotting and reporting suspected phishing attempts.
Comprehensive services
With a vast team across various disciplines and areas of expertise, BDO has the ability to address collateral damage associated with a breach. Our legal support team, for example, can assist with data breach response and litigation.
Cybersecurity starting at the core
To help you choose the most relevant cyber insurance policy, we identify your key data assets and test for application and infrastructure vulnerabilities. Focusing on the internal controls that help prevent cyber incidents from happening in the first place, we perform a cyber assessment of your digital environment and set achievable goals by developing an effective cybersecurity strategy.
Round-the-clock cybersecurity support
Our team knows that fraudsters, hackers, and cybercriminals don't work a 9-to-5 schedule. Our professionals are available any time of day, all days of the week, to help your business rebound in the event of a cyber incident.

Connect with Chetan Sehgal, our Forensic Disputes & Investigations Partner, to assess your online environment, understand your potential exposure, and set up the right controls, as well as your cyber liability coverage, to defend against cyber threats.