No matter the size of your business, data breaches happen. Sure, cybersecurity is a big part of your defense strategy, but what happens if the bad guys win despite your best efforts? Cyber liability insurance will lessen your financial responsibility if you are a victim of a breach and can help you recoup your legal costs and even, in some cases, the direct hit to your budget from lost income, downtime, brand reputation damages, and other financial fallout following a data breach.
What is Cyber Liability Insurance?
You have insurance to cover your car, your health, your home, and your business’ assets. Consider cyber liability insurance as an insurance policy for your network. Cyber liability insurance is also known as cyber risk insurance or a cyber insurance policy. It’s important to understand that, while some business liability insurance offers limited cyber risk insurance, these limited policies will most likely not cover you in the case of a data breach.
Who Needs It?
Any business, regardless of size, that collects and stores data, sensitive client information, trade secrets, and other proprietary information needs cyber liability insurance. This applies no matter how or where your data is stored: in the cloud, on mobile devices, PCs, or servers. No data storage is foolproof, and wherever data is stored, there is vulnerability. Unless your business can withstand the costs of a data breach (and few can), cyber risk insurance isn’t just a good idea. It’s a necessity.
What Does Cyber Liability Insurance Cover?
The consequences of a data breach touch every aspect of a business, from a tarnished reputation to regulatory fines, downtime, court and legal costs, and even ransomware payments. The specifics of what is covered by cyber liability largely vary depending on the insurer that you are purchasing your insurance from. There is no such thing as general or standard cyber liability insurance because each insurer has its own services and its own level of security that it can provide to customers. However, your cyber liability coverage should cover, at the minimum, legal costs, regulatory violation fines, and incident response including investigations and data recovery. Make sure you read the fine print before signing on the dotted line. Insurance companies can often throw in clauses and loopholes that will absolve them from paying a claim. One example is a refusal to pay for state-sponsored attacks, a big part of many ransomware threats. Make sure that you are purchasing both first-party (your own business) AND third-party (your customers) policies.
First-party coverage includes financial support for expenses that occur immediately after a cyber breach. This includes:
- The cost of notifying the employees and public that were affected
- Repairing any software or hardware that was damaged or lost in the process
- Protecting the company’s reputation through public relations and marketing
- Any business interruption costs that may have happened
- Extortion money
- Any other ancillary costs
Third-party coverage is specifically designed to help the company finance any lawsuits and legal claims. This includes:
- Privacy lawsuits that will seek compensation for breach of customer or employee information
- Any fines that may occur from regulatory bodies
- Media liability claims such as copyright or slander
- Breach of contract or negligence claims
Aside from the regular first- and third-party coverage, some companies will also include more personalized coverage that suits the business. For example, they may provide mitigation services that will help you to recognize any weak security points in your company as well as identify the possibility of cyber attacks before they actually happen.
What is not covered?
Cyber liability insurance isn’t the only coverage that you will ever need in the sense that it doesn’t cover every single type of damage that may happen after a cyber breach. Read your insurance policy very carefully before signing it so you know exactly what you are and are not protected from. Usually, cyber liability insurance doesn’t include the following:
- Any bodily injury or property damage
- Criminal activity in the form of fraud and employee theft
- Any loss of property that may happen
When you purchase any cyber liability policy, you will still need to make sure that you are keeping your own security measures in place. You cannot expect the insurer to cover expenses that could have been prevented had you formed at least a basic security plan for your business. For example, if you don’t install any anti-malware on your computers, the insurer will not cover any damages if an employee accidentally clicks on an email link that installs malware. In cases like this one, the insurance company will probably deny any coverage.
How Much Does Cyber Liability Insurance Cost?
The estimated cost of a cyber insurance policy for a low to moderate risk business averages around $1,485 per year depending on the policy selected. Remember that the more complex your coverage is, the more expensive it will be. You may also need a different level of coverage depending on your industry-specific regulations; for instance, a health care provider will want a policy to cover HIPAA violations. In addition, some other factors for the price of cyber risk insurance can include:
- The number of credit card transactions
- The type of data stored, such as sensitive personal information
- Your industry vertical
- Business size
- How many different aspects of cybercrime you want to protect against
- How well protected you already are
Understanding your risks and the costs of downtime, data recovery, and potential legal liability is necessary for choosing your policy.