What Cyber Liability Insurance Is All About:
You’ve probably read the headlines: large companies are frequently exposed to data breaches, hacking incidents and network failures.
Companies can face hefty fines and expensive legal settlements in such cyber liability cases - not to mention losses resulting from the damage to a brand’s reputation.
But this problem isn’t just for major companies. Your small business could also face cyber risk.
That’s why we have Cyber Insurance coverage, which protects businesses from the increasingly sophisticated and complex threats that are prevalent in today’s tech-driven society.
Read on to find out more about this type of coverage, and if it’s right for your business.
What Is Cyber Liability Insurance?
Cyber Insurance coverage can cover a broad range of information security-related claims, including data breaches, network failures and media or content liability.
Many small business owners dismiss this insurance as something that only big companies have to worry about. The truth is, however, that there are thousands of small businesses handling sensitive information that could be exposed, leaving them liable to numerous claims. All it takes is one breach, whether it’s as sophisticated as a hacking or as simple as an employee's laptop being stolen, to cost your business seriously.
Any business that handles sensitive customer information, like credit card numbers, is at risk. If it happens to you, a breach or network failure could wind up costing your small business to the tune of hundreds of thousands of dollars.
Furthering the case for Electronic Data Liability Insurance, most states in the U.S. have laws that make data breach notification mandatory. Notification can quickly become very expensive, especially if you need to communicate with thousands of customers via mail, making this type of insurance an affordable way to comply while mitigating costs. As data breaches become more and more common, this insurance will grow to be just as vital to small businesses as policies that protect them from things like fires, floods and vandalism incidents.
Do I Need Cyber Liability Insurance?
This type of insurance comes in handy if your business...
- Collects payment information for online sales
- Maintains a database of personal information on current, past or prospective customers
- Stores information on employees digitally, including social security numbers or medical information
- Relies heavily on technology for daily operations
- Is located in one of the 46 U.S. states with mandatory data breach notification laws
Still not sure what you need?
CoverWallet's Insurance Checklist , you'll find a list of insurance types needed for your specific business or industry.
What Does Cyber Liability Insurance Cover?
At a High Level...
Cyber Insurance coverage protects your small business from a variety of cyber security breach claims and lawsuits. That could range from accidental loss of personal information surrounding customers or employees to online hacking and theft of confidential information (like your customers’ credit card numbers), and even the loss or theft of paper records from your office.
Your policy should cover expenses relating to the investigation of a data breach, the cost of legal counsel, the cost of communicating the breach to customers (including mailings), costs related to business interruption while your network is down and public relations expenses. These policies also cover third-party costs, including their legal defense costs and resulting settlements and judgments, any liability to banks for re-issuing credit cards and notifying customers, and regulatory fines and penalties. You may also want to consider investing in a policy that covers employee privacy liability, in case employee records are exposed.
Getting Into the Details…
In addition to data breach coverage, Cyber Insurance covers:
- Media liability
- Network security/failure liability, including both first-party and third-party costs
- Extortion liability
Here are examples of some types of claims:
|Type of Claim||Description||Example|
|Data Breach||A data breach occurs when private information on your customers and employees is exposed, leaving them susceptible to damages and loss. In this case, insurance covers most expenses related to remedying or managing the situation, from investigatory costs to legal and court expenses, regulatory fines, mandatory notification, retainment of a public relations agency and credit/fraud monitoring services for potential victims.||For example, a retail e-commerce site is hacked, and 1,000 customers’ personal data, including their names, addresses, emails and credit card numbers, are stolen. The retailer must now notify all 1,000 customers, and face not only a public relations crisis as the media covers the news, but potential lawsuits from customers who have resulting damages.|
|Media||This coverage takes care of third-party advertising injury claims which occur on the internet.||Examples of media liability claims include IP infringement, copyright infringement, libel, slander and defacement of a website. For example, if your business accidentally incorporated another company’s IP into its website, that company could sue for damages.|
|Network Failure||This covers your damages as well as third-party damages that occur when there is a denial of access incident, as well as costs related to data hosted or stored by third-party suppliers, including theft of such data.||A virus on your e-commerce site infects customers, causing damage to their devices. Or, a problem in your software could bring down another company’s network, resulting in a consumer data breach or destruction of data. If your own IT network goes down and you need to hire additional labor to get it back up and running, those costs are also covered.|
|Extortion||Extortion liability coverage is for remittance to criminal demands ater stealing or damaging digital information. It will also cover the professional fees related to dealing with extortion threats.||Hackers could target your business for financial or political gain, and threaten to expose your data or trade secrets if you don’t meet certain demands. Coverage will help you retain professional services that counsel you on how to best handle these types of situations.|
|Loss of Physical Records or Devices||Surprisingly to some, this insurance also covers the loss of information via stolen or otherwise exposed physical records, as well as the theft of business devices.||For example, if an employee’s laptop is stolen, this could result in sensitive customer information stored on their computer falling into the wrong hands. Likewise, if physical records are not destroyed, they could wind up causing damages. All it takes is for one piece of valuable printed information to go un-shredded and you’re facing a threat or a lawsuit.|
You’ll Know It’s the Right Policy If It Covers:
- Costs to investigate a data breach or security threat
- Notification of data breaches to customers or other legally required parties (like employees)
- Credit card and fraud monitoring services for your customers
- The cost of retaining a public relations agency or consultant for crisis communications and reputation management assistance
- Defense and court costs, as well as resulting settlements and judgements.
What Does Cyber Liability Insurance Not Cover?
Cyber Liability Insurance does not cover...
- Damages resulting from the harm to your business’s reputation
- Costs to beef up security and improve systems to mitigate risk of future threats
- Loss of first-party intellectual property
- Loss of future revenue that may be attributed to a data breach or network security issue
- Errors and omissions (E&O) claims - while E&O insurance is a popular addition for technology companies, it’s different from this type of insurance and you may need both if your business offers technology consulting services or solutions
What Are the “Limits” on a Cyber Liability Insurance Policy?
For this type of coverage, first-party coverages are typically offered as sublimits of liability. What this means is that only a small portion of your total policy can be applied to certain cost areas. While historically these sublimits have been small (for example, a $100,000 sublimit for regulatory fines and penalties as part of a $5 million policy), they have recently expanded. In most cases today, your business will be able to apply up to 50 percent of the total policy limit to first-party costs, and some markets will even offer blanket policies with no sublimits. It’s important to read the wording of your policy carefully to ensure you will be covered for all the costs you may incur.
Additionally, there are often time-related limits written into these types of policies. That means your network could have to be down for a certain specified number of hours before business interruption coverage would kick in. If it’s only down for an hour, you’re likely not going to be able to make a successful claim.
How Much Does Cyber Insurance Cost?
Electronic Data Liability Insurance is often added to a Business Owner’s Policy, which can make it more affordable as part of the bundle. However, many small businesses also purchase it separately.
But while simple policies exist, figuring out exactly what coverage your small business needs can be still be tricky. Factors that you’ll need to consider include:
- Your business’s size
- Your industry
- Your level of exposure
- Your business model
There are different levels of service you can choose from when selecting a policy. These will affect the cost of Cyber Insurance. For example, some will provide you with a point person who will handle your claims from beginning to end, while others will have you manage claims individually and leave you free to choose which services you want to utilize from a list of suppliers they work with.
Small businesses can implement security controls to reduce their risk and therefore their premiums for this type of insurance. These controls can range from installing advanced security software to implementing internal procedures for handling customer data and providing a virtual private network, or VPN, for remote employees to access company servers. It’s also important for small businesses to conduct regular security audits, as well as train employees on how to protect valuable and sensitive customer information.
Additionally, some policies will offer reduced premiums for each year your business does not have a claim. This can be helpful, particularly when factoring in other expenses, such as the cost of General Liability Insurance.
As businesses become more and more reliant on technology, it’s time to face the fact that data breaches and network security issues are only going to become more prevalent. As a small business owner, you don’t want to get stuck with the bill.
Not only that, but in times of crisis, your immediate actions can make or break your future success. Swift action is necessary to prove to your customers and stakeholders that you’re remedying the situation.
Purchase an insurance policy and rest easy knowing that in the case of a cyber liability incident you’ll be able to focus on what’s most important (repairing your brand’s reputation and its relationship with customers) instead of worrying about how you’ll pay for things like court fees and notification costs.