What Does a Cyber Liability Policy Cover?

March 8, 2019 •

The enhanced accessibility of electronic data storage has created new opportunities for businesses to digitize processes and streamline efficiency from top to bottom. While cloud computing has revolutionized the way firms store and apply data, these advancements also come with their own risks.

Cybercrime has emerged as a major threat to every company’s proprietary information, making it imperative to be protected with cyber liability insurance coverage in the event of a breach. But, what does a cyber liability insurance policy cover and how can it shield your company from unwanted financial losses? Keep reading to learn about Cyber Insurance and why you need it.


What Does Cyber Liability Insurance Cover?

Several large companies have been the victim of cyberattacks in recent years, including Equifax, Target, American Express, Home Depot, Wal-Mart, and Yahoo. These events have resulted in billions of dollars in losses and litigation costs. But, cyberthreats affect small and medium-sized businesses too.

According to Accenture, in 2019 over 40% of cybersecurity incidents affected small businesses. Despite this, less than 15% of small business owners stated that they are prepared to protect their company from the threat of an attack.

So, what is cyber liability insurance and how does it protect you? A cyber liability insurance policy will protect your company against theft of your electronic data and information, along with any ensuing litigation that may occur after the fact. Coverage is distinguished between direct (first-party) and indirect (third-party) losses incurred in the wake of an attack, along with other miscellaneous expenses covered. Most liability policies will cover your company for all three categories, but it is useful to understand their distinctions.

First-Party Coverage

First-party coverage provides your company with protection against liability that is specific to the data breach, including the following:

  • Costs to determine if and how the breach occurred
  • Replacement and repair of electronic data systems and computers
  • Customer notification expenses
  • Threats or extortion by cyber criminals
  • PR and crisis management fees
  • General losses in revenues directly affected by the incident

Consider healthcare providers and healthcare insurance companies. Both are liable for protecting electronic patient health information (or ePHI); thus, both should have first-party coverage.

Third-Party Coverage

Third-party liability coverage shelters your company from ensuing financial losses or theft as a result of a cyberattack on associated businesses, for example:

  • Customer claims and settlements
  • Fines
  • Legal fees
  • Costs incurred to repair your company’s reputation
  • Copyright infringements
  • Later abuse of company data such as email hacking or misuse of electronic communication

In sum, these are cyberattacks inflicted on third-party companies with which the insured company works in tandem. Think about those healthcare providers and healthcare insurance companies again. They have to transfer ePHI back and forth to each other. If one loses the patient’s sensitive data, the other could be liable.

Miscellaneous Expenses

Additionally, a cybersecurity event can result in losses that do not specifically fit into first or third-party liability coverage; these include:

  • Terrorism and other crimes
  • Future revenue losses
  • Stolen intellectual property
  • Other intangible losses

It is worth noting that insurance providers will always modify your policy to fit your specific business’ needs, taking into account your company’s size, industry, and IT utilization. Of course, the cyber risk to your business is key in determining the level of protection required.


Cybersecurity Risks

A data breach will directly affect your company’s profit and loss, with the average security breach costing a small or medium-sized business between $100,000 and $300,000. This risk is compounded when considering the ever-changing nature of technology and its integration into a growing enterprise, with Accenture projecting that cybersecurity incidents will cost companies over $5 trillion in the next five years. So before you become too consumed with asking what is the average cost of cyber liability, remember that it’s nothing compared to the cost of a data breach.

It is almost impossible to completely mitigate the risk of a cybersecurity attack. Your company’s sensitive data can be compromised in a variety of ways:

  • Not updating your firm’s security hardware or software in a timely manner
  • Contracting BPO’s whose security is at risk
  • Clicking on phishing emails aimed at accessing your business’ network
  • Not employing two-factor authentication / password hacking
  • General employee negligence when using IT
  • Targeted attacks from hackers
  • Lack of investment in data security measures

While managers and business owners can temper some of the above risks through preventative measures, many of these potential threats fall outside the spectrum of management’s influence. Unfortunately, minimizing the risk of a cybersecurity incident is dependent upon the accountability of employees and contracted third-parties.


Minimizing Cybersecurity Risks

Your company can protect its reputation and minimize the risk of a security breach through proper IT practices, including consistent maintenance of IT and data systems, employee awareness programs and simulated phishing emails, conducting security due diligence when contracting third-parties, and investing in measures to combat potential threats and extortion.

Still, cybersecurity breaches are occurring increasingly often, forcing small and medium-sized businesses to pay millions in out-of-pocket expenses to lawyers and angry customers, with some permanently closing their doors or falling into bankruptcy. For a modern enterprise, cybersecurity insurance coverage has become an essential facet of protecting your business against external threats, regardless of company size.

Is your business covered?



Coverage type