Cyber Liability Insurance

​

You do not have to look far to see the cyber risks associated with everyday life. Most small business have some level of cyber liability risk. In fact, according to 2019 Verizon Data Breach Investigation Report, 43% of all cyber-attacks targeted small businesses. We can review your cyber liability risk in order to demonstrate how a cyber liability insurance policy may help your business minimize its exposure. 

​

Our society is increasingly dependent on technology. This technology connects mass amounts of people and data, which leads to large-scale operational and marketing efficiencies for businesses. Unfortunately, the connected nature of technology creates new risks for businesses as well. Businesses now face threats of data breaches, hacking incidents, network failures and other innovative cyber incidents. Ultimately, your business may be liable if a third party compromises the security and integrity of your data. The prevalence of these threats require businesses both small and large defend their systems and organizations against attack. Here is a list of potential cyber liability risks.

 

What is Cyber Liability Insurance?

​

Cyber Liability Insurance covers your business in the event of a data breach, hacking, and extortion events.  The data in your care, custody, and control is your liability even if the information is stored on third party servers.  You have a legal obligation to secure data entrusted to you.

 

​

• Third Party Liability - businesses may be liable for costs incurred by customers, suppliers and other third parties due to a cyber-attack or other data breach.

• System recovery - Repairing or replacing IT systems, including damaged or lost data, leads to significant costs. Following an attack, your business may not be able to operate due to system downtime. This leads to additional losses from business interruption.

• Notification expenses - In most states, following a cyber-attack that may involve customer data, you must notify customers of the breach. The notification process may be expensive, especially if your business has a large amount of customers.

• Regulatory fines - federal and state regulations require businesses to protect consumer data. If a business fails to meet its required compliance duty under the law, which leads to a data breach, then your business may incur substantial fines.

• Class action lawsuits – recent large-scale data breaches resulted in class action lawsuits filed on behalf of customers involved in the breach.

 

​

​

What does Cyber Liability Insurance Cover?

​

Here is a detailed list of coverages typically offered under cyber liability policies.

 

First Party Coverages:

 

• Loss or Damage to Electronic Data – this includes losses caused by damage, theft, disruption or corruption of electronic data. This coverage includes costs to restore or recover lost data. This also covers the cost of third parties needed to save, extract or reconstruct your data. The lost data must result from a covered cyber liability event, such a hacker, a virus or a denial of service attack.

 

• Loss of Income or Extra Expenses – this coverage portion replaces lost income and expenses due to a full or partial shutdown of your IT systems due to a covered cyber liability event. A commercial property policy does not provide coverage for this type of business interruption coverage.

 

• Cyber Extortion Losses – this coverage responds when an insured receives a threat in which a third party threatens either to attack the insured's computer system or to release confidential information in the insured's possession unless the insured pays the extortionist some amount of money.

 

• Notification Costs - this coverage includes cost of notifying parties affected by the data breach, attorney fees related to determining notification obligations and in some cases, this may include the cost of providing credit monitoring for affected parties.

 

• Damage to Your Reputation / Crisis Management – this includes marketing and public relations costs required to protect your company’s reputation following a data breach. 

 

 

Third-Party Liability Coverages:

 

• Network Security Liability – this covers lawsuits against your business due to a data breach or to the inability to access data on your IT system.

 

• Network Privacy Liability – this covers lawsuits alleging your business did not adequately protect sensitive data (customer, client or third parties) stored on your IT systems.

 

• Electronic Media Liability – this covers lawsuits against your business that relate to libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement as a result of online publication of electronic data.

 

• Social Engineering – when a third party deceives an employee into transferring company funds. This coverage may be included or added onto a cyber policy, although many policies do not include it. Our Cyber liability policy does include this coverage, as this is a significant exposure. We believe social engineering coverage is an important part of an effective cyber liability program.  In some cases, the coverage may not be available due to the class of business.

 

What are typical Cyber Liability Insurance Claims?

 

Below are various cyber liability claims examples based on the different coverages in a typical policy.

 

• Unauthorized Access - A computer hacker group gained access electronically to the computerized cash registers of a store chain and stole credit card information of 1,000 customers. This led to a flood of fraudulent purchases.

​

• Privacy Breach / Human Error - A hospital employee improperly disposed of thousands of client records in violation of the company’s privacy policy. The records contained social security numbers, credit and debit card account numbers, names, addresses, telephone numbers, as well as sensitive medical information. The hospital settled the claim and agreed to pay fines and penalties imposed by the state as well as extend funds for credit monitoring on behalf of the victims.

 

• Theft of Digital Assets - A retailer contracted with a third party service provider. A thief stole two computers from the service provider containing client data of the retailer. Under applicable notification laws, the retailer (not the service provider) was required to notify affected individuals.

 

• Cyber Extortion - A U.S. based IT company contracted with a third party software vendor. The vendor left universal “administrator” defaults installed on the company’s server and a hacker exploited this vulnerability and took over the IT system. The hacker advised if he did not receive the requested payment then he would post the records of millions of registered users on a blog available for all to see.

​

• Malicious Code - A hacker released a computer virus designed to launch a denial of service attack against a consulting firm. The infection caused a two-day shutdown of the firm’s computer systems. The company incurred extensive costs and expenses to repair and restore their system as well as business interruption expenses.

​

Who Needs Cyber Liability Insurance?

​

Small business owners are especially at risk of cyber liability claims. Larger companies have the resources necessary to employ an arsenal of cyber security personnel and implement IT risk management practices. Unfortunately, most small business owners do not have this luxury. Yet, even small businesses have a significant exposure to a cyber liability loss. A few industries in particular have a significant exposure to cyber liability. These include retail, healthcare and financial services providers.

 

How much Cyber Liability Coverage does my Business need?

 

Determining the necessary level of coverage is challenging. Businesses should review various hypothetical claim scenarios. While studies vary, the average cost of a data breach is somewhere around $150 - $200 per affected record. This data along with the number of records at your business may help in your determination of coverage amounts. The industry, number of customers, amount of data, and IT infrastructure influence the potential coverage amounts necessary for your business. Our team is available to help you run various scenarios and determine a healthy coverage limit for your business.

 

How much does Cyber Liability Insurance Cost?

 

The average cost of a Cyber Liability policy ranges based on the industry, we estimate between $700- $1,500 annual.  The cost of cyber liability insurance varies significantly depending on a variety of factors. First, insurance companies consider the industry of a business. Even if the business has a good claims history, if the company is in an industry known to have a higher cyber liability risk, then the premium will likely be higher than a business in an industry not known for its cyber risk. Insurers often examine the data access points and security measures that a company has in place. Internal efforts that minimize the cyber risk of a company will typically lead to reduced premiums. Businesses that need higher coverage limits will usually pay higher premiums. Claims history is another important factor. Businesses that incur a cyber liability loss will usually end up paying higher premiums than a similar business with no loss history.

 

Who offers this Coverage and How Do I Buy it?

 

While premiums and coverage terms vary widely, many insurance companies offer cyber liability insurance. Our team knows the insurance carriers that tend to offer the most aggressive premiums along with the broadest coverage terms. Ultimately, this is where our team excels. Our job is to review the coverage available in the cyber liability insurance marketplace and then provide you multiple quotes in order to help design a broad and effective cyber insurance program to protect your business.

 

10-Steps to Minimize Your Cyber Liability Risks?

 

Cyber Liability insurance is an important tool to help transfer a business’ cyber risks; however, risk management is still important in minimizing a company’s risk. Below is a list of items to review in order to make sure your business does as much as possible to prevent a cyber loss. Our team is able to discuss these items with you in order to help develop a cyber risk plan for your business.

 

1. Know your data. To understand your risk, you must know the nature and amount of data on hand.

2. Create file back-ups, data back-ups and back-up bandwidth capabilities.

3. Train employees to recognize cyber schemes, such as phishing and phony emails.

4. Do background checks on employees. Background checking employees can help identify whether they have criminal pasts.

5. Limit and tightly control administrative capabilities for systems.

6. Ensure systems have appropriate firewall and antivirus technology. These protections need periodic testing and evaluation.

7. Implement data breach prevention tools, such as intrusion detection.

8. Update security software patches in a timely manner.

9. Put an emergency plan in place to manage a data breach. Just like in a physical emergency, roles and responsibilities for response and recovery plans need to be clear in a cyber breach.

10. Collaborate with your cyber insurance carrier. Most insurers offer support services designed to help insureds prevent cyber related losses.

 

 

Disclaimer:  the information provided here is for informational purposes only.   Each cyber insurance company has their version of a Cyber Policy.  The cyber liability insurance policy you purchase through us will supersede any information provided on this site.