Many organizations establish minimum coverage amounts by product or service type and risk level. In addition to basic liability and professional errors and omissions coverage, your organization may decide that all vendors that access, process, transfer, or store data have an additional baseline $5 Million cyber security policy. The coverage amount may increase if the vendor has actual access to your networks and systems. Or, is considered a critical vendor.
When determining the actual amount, it is important to consider the risk potential and how many customer records could be compromised, for example. And if your organization will be named on the policy as an additional insured party. Remember, only a licensed insurance professional can legally guide you on these requirements. A good starting point is with the insurance company or broker from which your organization secures its insurance. They should be able to guide you on the appropriate coverage limits and specific policy types to help protect your organization. I hope this information is useful, but I would love to see what other members have to add.