Do Businesses Need Cyber Liability Insurance or Data Breach Coverage?
What is Cyber Insurance?
Cyber insurance is a type of insurance that’s designed to protect against cyber risks. It’s primarily for mitigating the damages brought by cybersecurity incidents (data breach, ID theft, or a cyber attack).
It also covers the cost of recovery and helps an organization manage third-party litigation. Cyber insurance is also referred to as data breach insurance or cyber liability insurance.
In the US alone, a third of companies have some form of cyber insurance.
Who Should Buy Cyber Insurance?
Companies that store customer information, perform online payments, or use cloud services should buy cyber insurance. But most (if not all) companies now have an online presence and are regularly exposed to cyber threats.
Even if your company is a small one, you likely still vulnerable to a data breach.
- In a 2015 report, Symantec stated that 30% of phishing attacks were directed against companies with less than 250 employees.
- In another study, 66% of small-and-medium-sized businesses said they wouldn’t survive a data breach on their own.
- USA Today reported in 2017 that 61% of data breaches occur in smaller businesses, with costs averaging between $84,000 and $148,000.
- As regards new ventures – data breaches cause 60% of startups to go out of business in less than 6 months.
What Does Cyber Liability Insurance Cover?
Cyber liability coverage can vary widely based on which insurer you’re purchasing the insurance from.
Judy Selby, a cyber law expert and principal at Judy Selby Consulting LLC, says, “Unlike many other more traditional lines of insurance, there is no standard policy form for cyber insurance. Each cyber insurer has its own policy form, utilizing its own, unique policy language. This creates challenges for companies trying to compare one cyber insurance policy with another.”
Despite the variations, Selby says cyber policies can be thought of in two categories – First Party Coverage and Third Party Coverage:
1. First-party Coverage
This coverage pays for immediate expenses that a company incurs after a cyber breach. This includes:
- Cost of notifying employees and the public
- Repairing any damaged software or hardware
- Protecting the company’s reputation with a marketing and public relations response
- Business Interruption and Extra Expense
- Extortion money (hacker threatens your data or systems unless you pay them a ransom)
- Other ancillary costs, such as paying for credit monitoring for customers
2. Third-party Coverage
This coverage helps the company defend against lawsuits and legal claims. This includes:
- Privacy lawsuits claiming that you breached the privacy of customers or employees
- Fines from regulatory bodies
- Media liability claims, such as copyright infringement, libel, or slander.
- Breach of contract or negligence claims
On top of first and third-party coverage, some insurance companies also provide risk mitigation services to help you identify and avoid cyber threats before they happen. After a breach has occurred, some insurers will set up a hotline that customers and members of the public can call to get more information.
What’s Not Covered by Cyber Liability Insurance?
It’s important to carefully read through your cyber liability insurance policy and understand any exclusions.
Cyber liability insurance commonly excludes all of the following:
- Bodily injury or property damage claims: Cyber liability insurance won’t protect claims of bodily injury or 3rd-party property damage. This is typically covered by General Liability insurance.
- Loss of property by theft: Theft of a piece of property, like a phone or computer, is generally covered by commercial property insurance.
- Criminal activity: Typically fraud and employee theft are covered by a Crime policy.
- Misrepresentations: When you purchase a cyber liability policy, you agree to maintain appropriate security measures in order to prevent a cyber incident from happening in the first place. If you fail to maintain these security measures, then coverage might be denied.
It’s important to know what you’re agreeing to and to have proper security procedures in place. You can put these protocols in place on your own or you can hire third-party security firms to help you get in compliance with your policy requirements.
Why Buy Cyber Insurance?
Cyber insurance won’t shield a company from cyber attacks or from being exposed to cyber risks, but it can mitigate the damages caused by a cybersecurity incident. Cyber insurance is an important safety net to ensure that your business can continue to thrive with minimal impact after a security incident.
Not every business will need several millions in coverage, but in today’s world – where all businesses are increasingly reliant on digital tools and cloud storage – this is one coverage line that is well worth your consideration.