Consortium of Leading Cyber Technology and Insurance Providers Announce the Launch of SafeHouseInitiative.org
January 17, 2023
No Comments
This is a companion blog to the “The SafeHouse” podcast dated June 26, 2025.
In today’s digital landscape, cyber threats are an ever-present danger, especially for small to mid-sized businesses (SMBs). Despite this, the adoption of standalone cyber insurance policies remains alarmingly low—only about 4%. To shed light on this critical issue, Jeff Edwards, co-chair of the Safe House Initiative and host of this insightful series, teams up with Tawana Johnson, fellow co-chair and expert breach coach at Lewis Brisbois. Together, they explore the intricate journey of cyber insurance—from risk assessment to recovery—offering a valuable roadmap for businesses striving to protect themselves against cyber incidents.
Listen to the original podcast here: https://safehouseinitiative.org/from-risk-to-recovery-every-stop-the-cyber-insurance-journey-with-tawana-johnson/
One of the most startling revelations highlighted by Tawana is the low adoption rate of standalone cyber insurance policies among SMBs, hovering at just around 4%. This gap raises important questions:
Many small to mid-sized businesses either misunderstand cyber insurance or find the process intimidating. Tawana Johnson reflects on this challenge:
“There’s definitely more risk than businesses can realize, which is why this entire series is so important. Hopefully, it will help increase the uptake of cyber insurance policies and help businesses stay protected and covered.”
One reason for the low adoption rate is the misconception that existing property and casualty policies cover cyber risks. Tawana cautions against this assumption:
“Don’t assume that your property and casualty policy is going to cover it. Sometimes there may be a rider, but that’s not necessarily true.”
Standalone cyber insurance policies often provide specialized protections and services that general policies do not, such as breach coaches and ransomware negotiation support.
When a cyber incident occurs, businesses often face their worst day, filled with fear and uncertainty. Tawana Johnson’s role as a breach coach is pivotal in these moments, offering both legal expertise and emotional reassurance:
“I can’t tell you how many times I get on a call with a client and if I could see them, I’m sure they would be just white as a ghost. They are terrified that their business is over. We spend a lot of time counseling our clients, reassuring them that it’s not as bad as it seems, and that we’re here to help them get through this incident and come out on the other side.”
Beyond calming fears, breach coaches ensure that all investigations remain under attorney-client privilege, safeguarding sensitive communications from discovery in potential future litigation. They serve as coordinators between the business, forensic response teams, insurance carriers, and other vendors, managing the complex incident response process.
Before purchasing cyber insurance, businesses must first understand and quantify their cyber risk. Tawana explains the importance of starting at the very beginning:
“Let’s start at the very beginning. Talk to a risk manager about how you quantify your cyber risk. Where is the data? Who has access? What security measures are in place? And what is the value to the business if that data is lost or compromised?”
It’s crucial to consider not only data loss but also the potential business interruption costs. Tawana shares an example:
“I’ve had clients panicking because they have a million dollars a day in revenue they lose for every day they’re down. That’s not insignificant, even compared to other small to medium-sized businesses.”
With a clear understanding of risk and potential losses, businesses can work with knowledgeable brokers to select appropriate coverage. Tawana emphasizes the broker’s role in educating clients and guiding them through the application process:
“We’ve heard stories of brokers who don’t specialize in cyber insurance saying, ‘You probably don’t need it, but here it is.’ That’s a problem. Brokers need to be consultative and help businesses understand what coverage they truly need.”
Cyber insurance has dramatically evolved over the past few years. Tawana notes how underwriting has become increasingly detailed:
“Back in 2020, an application was just one page front and back. Now, insurance carriers have threat intelligence teams that may even conduct penetration testing on applicant networks to verify security controls.”
This rigorous underwriting helps carriers better quantify risk and determine premiums and coverage terms. It underscores the importance of accurate disclosure and sound cybersecurity practices during the application process.
When an incident occurs, having cyber insurance provides critical support. Tawana explains the typical claims process:
Each step requires careful management to ensure coverage and effective recovery. Tawana highlights the breach coach’s advocacy role:
“Part of my role is to advocate for my client as to why those fees should be covered and why the insurance carrier should pay instead of the client.”
Cyber incidents can lead to long-term legal challenges, including class action lawsuits and coverage disputes. Tawana sheds light on emerging trends:
“It used to take 100,000 impacted individuals to certify a class action. Now, we’re seeing classes certified with as few as 3,000. Jurisdiction matters, and there’s a lot of forum shopping in these cases.”
Businesses must prepare for potential litigation and understand their defenses, especially if they took reasonable steps to mitigate risks but still became victims.
Coverage litigation is another area of potential conflict, where insureds and carriers may disagree on what expenses are covered. Tawana advises:
“Small to medium businesses need to understand the terms of their policies and avoid actions that could lead to adverse coverage determinations.”
Beyond direct data loss, business interruption can cause significant financial damage during a cyber incident. Tawana discusses the challenges in quantifying these losses:
“There can be disagreement between the insured and the insurance company about the actual business interruption loss. Setting up proper documentation and processes in advance can help avoid disputes.”
Understanding business interruption coverage and working closely with insurers can make a critical difference in recovery outcomes.
Cyber insurance is no longer a luxury but a necessity for small and mid-sized businesses facing escalating cyber threats. Tawana Johnson’s insights highlight the complexity of the cyber insurance journey—from risk assessment and policy purchase to claims management and litigation preparedness.
As Tawana aptly puts it:
“It’s not terribly expensive to have a standalone cyber insurance policy for a million dollars or more. But if you ever need it, you’ll be thankful that you have it.”
With the right knowledge, support, and coverage, businesses can navigate the cyber threat landscape with greater resilience, minimizing damage and recovering more effectively. The evolving market demands informed decision-making, proactive risk management, and collaboration with trusted brokers, breach coaches, and legal counsel.
By embracing these strategies, SMBs can turn cyber risk into an opportunity for stronger protection and peace of mind.
For more information about the SafeHouse Initiative and how you can protect your organization, visit safehouseinitiative.org.
