Risk managers and insurance buyers having California exposures have undoubtedly considered the risk of Earthquake... with many having purchased the coverage. Risk based decisions, including insurance buying, are all about identifying the exposures and associated risks, and taking appropriately concluded action.
Natural disasters are an easy target for insurance buyers:
Coastal - wind / water
CA - EQ / fire / slides
Why do buyers treat Cyber differently, when it should be given the same consideration as a natural catastrophe... uncertainty surrounding the timing of an event and the likelihood of great severity.
Insurance buyers and risk managers should make decisions based around the inevitable Cyber or Network loss, and the likelihood of its great severity. Many cyber events do not simply impact a single organization but rather travel a network of infrastructure, impacting scores of businesses and individuals. A similar characteristic to a natural disaster. A critical difference is that cyber is not tied to a particular geographical region. An isolated cyber event affecting a target organization can be no less devastating.
The vast marketplace offering of Cyber Liability and Network Security insurance is a patchwork of inconsistencies and should be navigated carefully. Do not simply accept a 'quote', the consequences could cost much more than the premium or any savings over a competitor.
Securing the right insurance requires:
1. Identifying line item coverages and limits
2. Identifying an acceptable short list of insurers
3. Insisting on certain policy language and coverage features
4. Working with brokers and advisers who bring value
Cyber matters can have reaching affect into an organization and interplay with other lines of insurance, and therefore should be coordinated with other insurances.