No matter the size of your business, data breaches happen. Sure, cybersecurity is a big part of your defense strategy, but what happens if the bad guys win despite your best efforts? Cyber liability insurance will lessen your financial responsibility if you are a victim of a breach and can help you recoup your legal costs and even, in some cases, the direct hit to your budget from lost income, downtime, brand reputation damages, and other financial fallout following a data breach.
You have insurance to cover your car, your health, your home, and your business’ assets. Consider cyber liability insurance as an insurance policy for your network. Cyber liability insurance is also known as cyber risk insurance or a cyber insurance policy.
It’s important to understand that, while some business liability insurance offers limited cyber risk insurance, these limited policies will most likely not cover you in the case of a data breach.
Any business, regardless of size, that collects and stores data, sensitive client information, trade secrets, and other proprietary information needs cyber liability insurance. This applies no matter how or where your data is stored: in the cloud, on mobile devices, PCs, or servers. No data storage is foolproof, and wherever data is stored, there is vulnerability.
Unless your business can withstand the costs of a data breach (and few can), cyber risk insurance isn’t just a good idea. It’s a necessity.
The consequences of a data breach touch every aspect of a business, from a tarnished reputation to regulatory fines, downtime, court and legal costs, and even ransomware payments.
The specifics of what cyber liability insurance covers vary largely depending on the insurer you purchase from. There is no such thing as general or standard cyber liability insurance because each insurer has its own services and its own level of security that it can provide to customers.
However, your cyber liability coverage should cover, at the minimum, legal costs, regulatory violation fines, and incident response including investigations and data recovery.
Make sure you read the fine print before signing on the dotted line. Insurance companies can often throw in clauses and loopholes that will absolve them from paying a claim. One example is a refusal to pay for state-sponsored attacks, a big part of many ransomware threats.
Make sure that you are purchasing both first-party (your own business) AND third-party (your customers) policies.
This coverage includes financial support for expenses that occur immediately after a cyber breach. This includes:
This coverage is specifically designed to help the company finance any lawsuits and legal claims. This includes:
Aside from the regular first- and third-party coverage, some companies will also include more personalized coverage that suits the business. For example, they may provide mitigation services that will help you to recognize any weak security points in your company as well as identify the possibility of cyber attacks before they actually happen.
Cyber liability insurance isn’t the only coverage that you will ever need: it doesn’t cover every single type of damage that may happen after a cyber breach. Read your insurance policy very carefully before signing it so you know exactly what you are and are not protected from.
Usually, cyber liability insurance doesn’t include the following:
When you purchase any cyber liability policy, you will still need to make sure that you are keeping your own security measures in place. You cannot expect the insurer to cover expenses that could have been prevented had you formed at least a basic security plan for your business.
For example, if you don’t install any anti-malware on your computers, the insurer will not cover any damages if an employee accidentally clicks on an email link that installs malware. In cases like this one, the insurance company will probably deny any coverage.
The estimated cost of a cyber insurance policy for a low to moderate risk business averages around $1,485 per year, depending on the policy selected.
Remember that the more complex your coverage is, the more expensive it will be. You may also need a different level of coverage depending on your industry-specific regulations; for instance, a health care provider will want a policy to cover HIPAA violations.
In addition, other factors that affect the price of cyber risk insurance can include:
Understanding your risks and the costs of downtime, data recovery, and potential legal liability is necessary for choosing your policy.