What does your cyber insurance policy cover?
When did you last compare it to your risk assessment to see if it is actually mitigating the risks like you've documented and reported to the board?
Has your cyber insurance policy been updated to address threats such as whaling, business email compromise, corporate account takeover, and ransomware (to only name a few)?
Do your acceptable use policies align with policy requirements? Do your employees actually follow those policies?
These are questions that come to mind when I think about cyber insurance coverage, and the risks associated with it when it's not reviewed with proper frequency and depth.
Help Net Security recently wrote an article discussing cyber insurance coverage or lack thereof, specifically, when it comes to email.
Even if you don't find the article that helpful, at least use it (and my questions above) as a starting point to do a review of your coverage for the various cyber threats that your institution faces.
Read the full article on the Author's Website...