Estimated reading time: 5 minutes
Return To: Cyber Insurance – The Ultimate Guide
Virtually all businesses today face risks from managing data and using technology for their daily operations. Some examples of cyber risks include disruption or failure or computer systems, data breaches, intellectual property theft, identity theft, and other forms of cybercrimes.
In the past decade, data breaches have led to hefty fines and major headaches for some of the biggest corporations in the country. It’s not just large businesses, however, that are vulnerable to data breaches. According to Insurance Journal, 55% of small and medium-sized businesses have suffered from a data breach.
As a business owner, you want to avoid putting your customers, employees, and reputation at risk. One way to protect yourself from the costs of data breaches is by signing up for a cyber liability policy.
What Is Cyber Liability?
When your systems are hacked or if your customers’ or employees’ information is compromised, you may be held liable for the costs of timely remediation and response as well as any damages that may emerge.
What Is Cyber Insurance?
Businesses, no matter the size, are required by law to protect sensitive information such as health records, Social Security numbers, credit card numbers, and so many others. Cyber insurance or cyber liability insurance covers the financial losses that your business would incur from cyberattacks and data breaches that may lead to the loss, theft, or compromise of such information.
Like other types of insurance policies, cyber insurance has a deductible. This is the amount you’re responsible for paying before the plan starts to pay some or all of your costs. It’s applied every time your policy has to pay for a covered incident or loss. You can decide how much your deductible will be when you’re selecting your policy.
When determining the amount of coverage that a business will get and the premiums they’ll need to pay, many insurance companies typically classify them into three hazard groups:
| Class | Definition | Examples |
| Low Hazard | Businesses that possess low amounts of personally identifiable information | Agricultural or farming companies |
| Medium Hazard | Businesses that possess low to moderate volume and value of personally identifiable information | Warehousing companies and wholesalers |
| High Hazard | Businesses that possess moderate to high volume and value of personally identifiable information | Online merchants and retail stores |
What Is Covered by Cyber Liability Insurance?
Cyber liability insurance typically covers the following:
Legal Fees and Expenses
Cyber insurance covers the cost of hiring lawyers to deal with the legal side of the problem, including the events listed below:
- Claims and class action lawsuits against the company due to their negligence and failure to protect the customer’s sensitive information
- Lawsuits against the business for invasion of privacy, libel or defamation, or copyright infringement due to the publication of online ads
- Proceedings initiated by regulatory agencies responsible for overseeing data breaches
- Funding for potential settlements and fines imposed by the government
Costs of Notifying Customers About a Breach
Most states require businesses to inform their customers of data breaches that involve their personal information. This can be an expensive process, as businesses have to first identify potential victims through an internal investigation. They may also have to establish a contact center or offer credit monitoring services to their customers.
Costs of Recovering and Restoring Lost or Compromised Data
Cyber liability insurance covers the costs of replacing or restoring damaged systems, software, programs, or data that were destroyed or damaged by viruses, DDoS attacks, hackers, and other covered events.
Extortion Costs
Your policy may also pay for the costs of negotiating and paying ransomware demands to recover locked files.
Income Losses
The plan also covers loss of income following a shutdown or stoppage of operations due to covered events. It also covers the extra expenses that the business would have to incur to restore its operations.
Crisis Management Costs
Cyber liability policies also cover some aspects of crisis management, including hiring computer specialists, forensic accountants, or public relations experts to evaluate the scope of the damage, reduce the losses incurred by the company, and prevent further damage to the company’s reputation.
What Isn’t Covered By Cyber Liability Insurance?
Cyber liability insurance isn’t a catch-all policy that can solve all the problems that may arise from cyberattacks. They may exclude certain types of claims or events. Here are some of them:
- Property damage or physical injuries: This is usually covered by other types of liability insurance policies. Take note that financial losses due to loss of intellectual property or loss of business due to reputation damage are generally not covered by your policy.
- Intentional acts by the policyholder: Malicious acts caused or perpetrated by the policyholder in order to recover damages from the insurance company are not covered by this policy and most other types of liability policies.
- War or terrorist acts: If the breach is caused by an agent of a hostile foreign government, reimbursement may be denied due to the war exclusion clause.
- Upgrades of computer systems: This includes the costs of improving internal systems such as security or software upgrades to prevent the cyber event from happening again.
- Loss of future profits: The policy will most likely not reimburse you for the loss of expected profits due to cyberattacks or data breach.
- Utility failure: Losses due to the failure of utilities like gas, water, or electricity are generally not covered by this type of policy.
- Contractual liability: This exclusion is typically found in most policies. It refers to any liability that the policyholder willingly takes on under a third-party agreement or contract.
Conclusion
A cyber liability insurance policy is an important component of your overall risk management strategy. It protects your business, customers, employees, and partners from financial losses due to data breaches or cyber-attacks. Having a cyber insurance policy doesn’t mean, however, that you should stop investing in cybersecurity programs and measures that will protect your business from cyberattacks and threats. Instead, your policy should go hand-in-hand with internal controls and safeguards that can detect and stop malicious activities before they can even cause damage.