6. Find a knowledgeable broker. "A broker who understands cyber insurance can break down and compare the offerings from different insurance providers," reads the report. They often offer value-added services hat can help identify and mitigate breach risks, as well as validate the need for a policy. "Look for a broker that has experience with cyber insurance and that carries several options."

7. Take advantage of value-added services offered. Some insurance brokers and carriers offer complimentary value-added services to help reduce breach-related risks, the report notes. This could include free consulting or legal advice, access to a proprietary portal with privacy and security resources, and educational webinars. "When weighing policy choices, organizations should evaluate these services as part of the overall offering. As a plus, these offerings may help improve a company's risk profile and lower its insurance premium."

[See also: Breaches epidemic despite efforts at compliance, says Kroll.]

8. Get preferred vendors approved before policy is finalized. Cyber insurance policies may require companies to use pre-approved vendors instead of their own service providers, such as legal counsel, when responding to a breach, according to the report. "Such limitations can impact the quality of a response. For instance, the use of an out-of-the-country call center to manage the breach of sensitive medical data." Instead, the report's authors advices companies negotiate the right to use favored vendors or select their own vendors before the contract is finalized.

9. Understand how to integrate insurance claims process with internal process. A cyber insurance policy should change the way an organization internally manages data breach incidents, the report contends. "Post binding the policy, companies should understand how and when to involve their carrier if a data breach occurs," it reads. This could include updating any documented procedures, like an incident response plan with new roles and responsibilities, revised timeline and current contact information. 

10. Avoid common pitfalls with an insurance carrier. According to the report, this happens most often when the insured doesn't fully understand the policy, which can cause a dispute on coverage. "For example, the carrier may mandate the use of its pre-approved vendors, while an organization may prefer to use its internal resources or favored vendors. It's best to resolve these conflicts before binding the policy."