What Is Cyber Liability Insurance?
Just a decade ago, cyber liability insurance was scant more than a niche market. The insurers that offered it either did so at an outrageous cost—while failing to cover much—or as inexpensive, sub-limited addendums to existing cyber policies. Now, though, the cyber insurance market has burgeoned and become an essential element to any business’ risk management strategy.
Despite that, for many, the particulars of this new digital insurance space remain unclear. You might ask, “What is cyber liability insurance?” or, “What does cyber liability insurance cover?” Below, we’ll address those questions, as we detail what cyber insurance is and why you need it.
The Problem with Cyber Crime
The advent of digitalization and the Information Age have completely disrupted markets and indelibly altered how humanity interacts together. Now, technology is intrinsically linked to how businesses go about their work. Forbes writes:
[It has changed] how people interact. As such interactions move away from analog technologies (snail mail, telephone calls) to digital ones (email, chat, social media), both work and leisure domains become digitalized… [It] is the use of digital technologies to change a business model and provide new revenue and value-producing opportunities; it is the process of moving to a digital business.
While these technologies provide a business with a host of opportunities and places to optimize, they simultaneously inadvertently raise the sally ports in that business’ traditional line of defense—with each technology serving as potential breach through which cyber criminals could seek entrance. And, once they’ve gained a foothold within your security perimeter, hackers have a direct line of attack to the business’ heart. As a result, even a modest cyberattack can cause serious losses and inconveniences to businesses both big and small.
To add some context to the mounting problem, check out the following stats:
- Today, cyber crime is the fastest-growing form of criminal activity, and is expected to create $6trn in costs annually by 2021.
- It’s not just big businesses that get targeted. A Verizon report stated that 43% of all online attacks are targeting small businesses, of whom, only 14% are ready to defend themselves.
- Hiscox Insurance discovered that the average digital incidents cost a business, regardless of size, $200,000.
- 60% of small businesses go out of business within 6 months of a cyber-attack.
Seeing this issue for what it is CNBC writes:
Modern IT infrastructures are more complex and sophisticated than ever, and the amount of virtual ground that we’ve got to safeguard has also grown exponentially… As a result, it’s guaranteed that virtually every modern organization’s high-tech perimeters will eventually be breached. This being the case, for small business owners it’s no longer a matter of considering if security threats will arise, but rather thinking in terms of when.
That last line is what brings us to the vital importance of having cyber liability insurance coverage.
What Is Cyber Liability Insurance
Simply put, every business, no matter its size, faces a cyber risk. Typically, those risks are categorized into one of three groups:
- Privacy Risk – The potential loss of control over personal data or information of either employees, customers, or associates.
- Information Risk – The potential loss of control of IP, processes, or any other safeguarded or proprietary information a company keeps.
- Operational Risk – The potential loss of control over a businesses’ standard operating procedures.
A cyber liability insurance policy is intended to mitigate the risk of exposure a company faces caused by such an attack. Per Forbes:
Cyber liability insurance is an insurance policy designed specifically for data breaches, malicious attacks, and other cybersecurity threats. Some policies are tailored to a certain industry, such as retail, healthcare or banking. While the primary goal of cyber liability coverage is to protect the business, it can also extend to the clients who interact with the business.
So, what does a cyber liability policy cover? To understand, we’ll need to identify the two primary types of cyber liability coverage:
- First-Party Coverage – Covers direct financial losses to the business. Examples include:
- Loss of transferred funds
- Lost income due to business interruptions
- PR costs
- Reputation management expenses
- Costs repairing or recovering corrupted or stolen electronic data
- Extortion costs for ransomware attacks
- Cost of repairing software or hardware
- Cost of replacing systems
- Third-Party Coverage – Covers indirect losses that result from third-parties being impacted by the cyber breach. Examples include:
- Negligence claims
- Breach of contract claims
- Libel
- Slander
- Defamation
- Copyright infringement
- Fines and/or fees from regulatory boards
- Network privacy claims
- Network liability claims
Cyber Liability Insurance’s 5 Umbrellas
In most cases, a policy will protect your business from primary risks through five different insuring agreements. They are:
- Privacy Liability – This is important for businesses that electronically store employee and customer information. A cyber breach might expose their electronic data without their permission, which could create both first- and third-party costs. Privacy liability coverage shields you from being on the line for the costs arising from violations of privacy law or cyber threats. Per IRMI, the liability typically results from:
- Loss, theft, or unauthorized disclosure of private data
- Damage to data stored in the insured’s computer systems belonging to a third party
- Transmission of malicious code or denial of service to a third-party’s computer system
- Failure to timely disclose a data breach
- Failure of the insured to comply with its own privacy policy prohibiting disclosure or sharing of personally identifiable information
- Failure to administer an identity theft program required by governmental regulation or to take necessary actions to prevent identity theft
- Network Security – One of the most fundamentally critical aspects of a cyber liability policy, this covers a business in cases of network security failures that can be caused by ransomware, data breach, and/or malware. It protects you from first-party costs, such as:
- IT forensics
- Data restoration
- PR help
- Legal costs
- Ransomware payments
- Identity restoration
- Credit monitoring
- Notifying consumers of the breach
- Media Liability – If you use online, social, or print advertising of your services, media liability covers intellectual property infringement as well as patent infringements caused by advertising. Per Digital Media Law, they will typically cover the cost of defending against suits such as:
- Libel, defamation, or slander
- Privacy invasion
- Copyright infringement
- Intellectual property-related suits
- Network Business Interruption – If your business is reliant upon technology and digital systems to operate, this is a must-have. An interruption to such operations could result in massive financial losses due to an inability for the enterprise to run as usual, or at all. So, when either your or your provider’s network goes down, you have the opportunity to recover lost profits, extra costs, or fixed expenses arising from interruption.
- Errors and Omissions – When you do business, you may enter either a tacit agreement or an outright one to provide your customers with your services in a timely manner. If you are considered to be a consultant and you make “promises” but then can’t keep them, E&O protects you from such failures. Per Investopedia:
“Errors and omissions insurance is a form of liability insurance. It protects companies against the full costs of a claim made by a client against a professional who provides advice or a service such as a consultant, financial adviser, insurance agent, or a lawyer.”
What Does Cyber Liability Insurance Not Cover
Although each policy is different, it’s important that you understand that cyber liability insurance does not cover everything. Examples of events that it might not cover include:
- Property Loss – Such as stolen computers, phones, tablets, etc. These would fall under the purview of a business’s property insurance coverage.
- Criminal Activity – Vandalism, theft, robbery and other types of criminal activity would fall under your commercial crime policy.
- Bodily Damage – Injury that somehow occurs during an attack would be covered by general liability insurance. And the same goes for property damage caused by the attack.
In addition, if the expenses exceed your policy’s coverage limits, those would not be covered. That said, it is possible to tack on cyber insurance enhancements, such as:
- Social Engineering – In many cases human error is not covered by a cyber liability policy, despite the fact that it’s the primary cause for breaches. So, if your employee was tricked into transferring funds or letting malicious hackers into the system, this would protect you from the resulting damages.
- Bricking – If you need to replace technology equipment that has been made inoperable by a cyber-attack, this will cover the cost of replacing such infrastructure.
- Reputational Harm – This protects you for a limited time and reimburses you for damages caused to the brand’s reputation by a privacy or security breach.
Getting Liability Insurance
Although it’s critical that every business has cyber liability insurance in some shape or form, what you get and how much depends greatly upon your specific businesses. Therefore, as you go about the process of preparing, be sure to take the following actions:
- Create a cyber risk profile
- Create a list of expenses you want to have covered
- Determine estimates for third-party costs
After compiling all of this information, you’ll be ready to speak to a provider like NOW Insurance. Your provider will assess and answer your question of, what is the average cost of cyber liability? This will ensure that you can tailor a cyber liability insurance policy that fits your budget and addresses your most likely threats. Our dedicated team stands by ready and willing to help. So, do reach out and we will do our utmost to pair you with the perfect plan.
Sources:
- Forbes. Digitization, Digitalization, And Digital Transformation: Confuse Them At Your Peril. https://www.forbes.com/sites/jasonbloomberg/2018/04/29/digitization-digitalization-and-digital-transformation-confuse-them-at-your-peril/#7a4cde102f2c
- CNBC. Protect against the fastest-growing crime: cyber attacks. https://www.cnbc.com/2017/07/25/stay-protected-from-the-uss-fastest-growing-crime-cyber-attacks.html
- Verizon. 2019 Data Breach Investigations Report. https://enterprise.verizon.com/resources/reports/dbir/
- Inc. 60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here’s How to Protect Yourself. https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html
- CNBC. Cyberattacks now cost companies $200,000 on average, putting many out of business.
https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html - Forbes. Should Your Business Get Cyber Liability Insurance? https://www.forbes.com/sites/billhardekopf/2019/09/24/should-your-business-get-cyber-liability-insurance/#5e6d52f02801
- IRMI. Information Security and Privacy Liability Coverage. https://www.irmi.com/term/insurance-definitions/information-security-and-privacy-liability-coverage
- Digital Media Law. Media Liability Insurance. http://www.dmlp.org/legal-guide/media-liability-insurance
- Investopedia. Errors and Omissions Insurance. https://www.investopedia.com/terms/e/errors-omissions-insurance.asp