In this day and age, many small businesses control a lot of data and other online information. This can include anything from client records, work plans, tax records, and other important documents. Recovering from a breach can be long and costly if this information is ever lost, damaged, or stolen due to a security breach. Even worse, there can be legal ramifications, such as third-party claims or lawsuits, if the data contains personal identifying information such as social security numbers, health records, or payment records.
Cyber liability insurance can help businesses protect themselves against costs associated with security breaches and the restoration of your client's data and your reputation.
What Is Cyber Liability Insurance?
At its core, cyber liability helps protect businesses against the financial costs that result from data breaches or other cyber issues. Policies can look very different from one agency to the next as most that offer cyber coverage use forms they develop themselves. Still, most include both first-party and third-party coverage.
First-party protection refers to the out-of-pocket expenses your firm would have to deal with the breach.
On the other hand, third-party coverage applies to damages or settlements a business is obligated to pay arising from claims or suits for injuries that result from a business' actions or failure to act.
Coverage Costs During A Breach
Here are some examples of what you might find covered in your cyber liability policy. Typically, these will be reimbursements for costs/penalties already incurred.
- Data restoration: This covers the costs of replacing or restoring electronic data, programs, or other software damaged or destroyed by a cyber attack, a virus, a denial of service (DoS) attack, or other covered instances.
- Loss of income and extra expenses: This covers income losses for a business and any other expenses that it incurs to restore its operations due to the shutdown because of a computer virus, cyber attack, or other covered instance. Sometimes, policies can cover income a business might lose because of a supplier, distributor, or other company that it depends on being forced to shut down due to a breach.
- Cyber extortion: This covers a ransom paid to a hacker who's breached a company's system and has threatened to commit other acts such as damaging data, introducing a virus, initiating a DoS attack, or releasing confidential data unless the ransom is paid. Policies will generally cover any extortion payment made with the insurer's consent plus related expenses, such as the cost of hiring an expert to negotiate with the extortionist.
- Notification costs: This covers the cost of the notification of different parties who have been affected by a breach. This coverage is especially important because most states have laws requiring businesses to inform individuals when their personal information has been compromised. Policies may also cover the cost of providing credit monitoring services or establishing a call center after a breach.
- Crisis management: Most cyber liability policies will also provide coverage for crisis management expenses. Depending on the policy, insurance may cover the costs of hiring an attorney, forensic accountant, IT expert, or public relations experts to assess the scope of the damage, determine what and whose data was compromised, help reduce the amount of data lost, and protect the company's reputation.
A recent study performed by AdvisorSmith Solution Inc. found that the average cyber insurance cost in 2019 was $1,500 per year for $1 million in coverage, with a $10,000 deductible. However, costs range depending on a number of factors, including the size and industry you're in, the amount and sensitivity of the data, annual revenue, strength of security measures, and policy terms.
Coverage for Third Party Claims and Lawsuits
The coverage for third-party claims is usually "claimsâ€“made," meaning your coverage extends to claims made during the policy period. Typically, insurance will cover damages and settlements plus defense costs, which may be included within or in addition to the policy limit.
- Network security and privacy liability: This will cover claims against the business arising from negligent acts, errors, or omissions, such as failure to protect sensitive data, provide notification of a data breach, or prevent a breach that results in a DoS attack or the introduction of a virus.
- Electronic media liability: Electronic media liability insurance covers lawsuits against the business for acts like libel, slander, defamation, copyright infringement, invasion of privacy, or domain name infringement. Typically, these acts are covered only if they result from the policyholder's publication of data on the Internet.Â
- Regulatory proceedings: This covers fines or penalties imposed on the business by regulatory agencies that oversee data breach laws. It can also cover the cost of hiring attorneys to help respond to a regulatory proceeding.
What Cyber Policies Don't Cover
Policies and what they cover will vary from one agency to the next. However, these are typical exclusions that you will probably find on most policies:
- Bodily injury and property damage
- Intentional dishonest acts committed by the insured
- War and terrorism
- Contractual liability
- Utility failure
- Cost of restoring computer systems to a higher level of functionality than they were previously
- Acts committed before the retroactive date (if the policy has one)
Do You Need Cyber Liability Coverage?
In today's tech-forward world, finding a business that doesn't need cyber liability insurance is hard. You should get coverage if you run a business that stores sensitive client, customer, or partner data. Especially if your business supports electronic transactions.
Most people might think that cybercriminals only target large corporations because of their wealth and the damage they can cause. However, the rate of attacks on small businesses is growing, with 43% of attacks targeting small businesses. Sadly, 60% of those businesses go out of business within six months of a breach or cyber attack. Additionally, the pandemic has moved a lot of employees and companies almost fully online, generating more risk of social engineering attacks and data breach attempts.
Cyber liability can protect your business against the very real threat of a data breach, targeted cyber attack, or the consequences of a seemingly small incident such as a lost or stolen laptop or company phone. Cyber liability insurance helps make sure your business can survive if your customer data ends up in the wrong hands.