"If these companies had requirements in their insurance policies that they always be in compliance, the new PCI standards would have obliterated their current coverage," she said.
But experts are unanimous that all those potential problems should not stop organizations from buying cyber insurance. It just needs to be done carefully -- very carefully -- with the help of an experienced specialist to read and negotiate through the fine print.
"For small businesses, the average cost of a data breach is $8,700, and policies typically cost less than $2,000 per year," Kaplan said, adding that having the money available for those expenses, "can help preserve a business's reputation and can make it less likely that the initial breach has a long-term negative impact on the business finances."
Indeed, one of the mantras in security is that it is no longer a question of if you will be breached, but when.
"Cyber crime is at all-time high," Marciano said. "A cyber attack can bring any company to a standstill and, if data theft is involved, cause significant costs to respond to the breach, regulators and plaintiff lawsuits, and more."
"The key is to truly understand your coverage and what types of losses may not be insurable," Rafferty said, "as well as ensure that the coverage spans most common breach areas."
In other words, as Linde put it, "You just have to do your homework and know what you are purchasing."