Cyber risk is the risk of financial harm to an organization that results from a failure or disruption of its computer systems. It can also be a risk that a company faces from the way it handles its data or relies on technology in its everyday operations.
But it isn’t just businesses that have to deal with cybercrime. Any large organization, such as a college or university, that has a culture of openness and sharing is highly susceptible to cyber risk.
Some data breaches are not noticeable right away, while others can cause huge disruptions to operations and a leak of valuable personal and business information.
Cyber insurance is a product that helps protect organizations from cyber and information technology risks. Although this is still a growing field, the following are some of the most common types of coverage that you can expect on offer:
This type of coverage pays common costs that result from a privacy breach, such as:
This type of coverage reimburses the costs to defend an action by regulators due to a privacy breach. However, there is no limitation as to what caused the privacy breach. For example, this type of coverage could apply to a failure of security on the part of the company which resulted in a privacy breach, such as someone losing a laptop or emailing a document to the wrong person.
This type of insurance protects the policyholder and other insured individuals from the risk of liabilities that may come from lawsuits or similar claims. Liability coverage is mostly about financial support should you find yourself in this situation.
Some common types of cyber insurance liability coverage include:
Cyber extortion usually takes the form of a ransomware attack. This means that the cybercriminal will encrypt a victim’s files or threaten the release of sensitive data unless a ransom is paid. Unfortunately, this is a very common type of cyber attack and can cause a lot of financial and psychological damage to both the company and the individual targeted.
The insurer may have the right and duty to defend any claim brought against an insured or may indemnify the insured for reasonable costs incurred by the insured to defend a claim. In order to make this work, the insured will generally be required to cooperate with the insurer in the defense of the claim and provide to the insurer all information and assistance that the insurer reasonably requests.
These are some of the most common areas of cyber insurance that are covered:
Cyber insurance policies can protect from some or all of the following types of data:
This includes information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. It also generally includes a person’s name, address, telephone number, social security number, account balances, and passwords. It includes all information that is subject to the Family Educational Rights and Privacy Act.
This is also most commonly referred to as protected health information and includes any information that contains individually identifiable health information and generally includes any part of a patient’s medical record. This includes health status, provision of health care, or payment for health care.
Sensitive third-party data such as trade secrets, designs, forecasts, methods, formulas, and records that are in the care, custody, or control of an insured may be considered “confidential” or “protected” information. If an event occurs where there is an unauthorized disclosure of confidential or protected information, this is considered a breach of privacy.
This includes the personal information held by a payment card brand to process a payment card transaction. It can also refer more broadly to the Payment Card Industry, including its rules, regulations, standards, or guidelines.
Cyber liability insurance does not cover every single possible loss that a business or an individual may incur.
Typical exclusions involve faulty security measures placed by the business, poor employment practices that result in criminal activity, theft of trade secrets, unfair trade practices, and others.
Cyber insurance policies also typically exclude coverage for any incident or claim that arises from or is based on a willful, intentional, deliberate, malicious, fraudulent, dishonest, or criminal act or omission committed by the insured. The general intent of this exclusion is to prevent the insured from receiving a financial benefit for committing an unlawful or dishonest act.
There are many cyber insurance providers available on the market, but that doesn’t mean that each one is the right option for you. Here are some ways that you can efficiently buy cyber insurance: