Cyber liability insurance: What is it, what does it cover, and do I need it?

The ability to store, transmit, receive and process data powers business life as we know it today. We can route customer deliveries using online maps, order items from suppliers via the internet, store our customer accounts in the cloud for convenient yet secure access, and keep track of inventory in real time.

However, our reliance on data has made us vulnerable. When our data is lost (e.g., an IT admin accidentally deletes files without backing them up first), stolen or locked away (e.g., a hacker uses ransomware to make critical patient information inaccessible to caregivers), or compromised (e.g., a disgruntled engineer publicly releases proprietary technical specifications for multi-million dollar inventions that have yet to be patented), you’ll likely incur one or more of the following costs:

  1. Replacement or restoration services for lost data
  2. Legal liabilities for damages to internal stakeholders and/or third parties
  3. Paid media ads for notifying affected parties of data breaches

Here’s where cyber liability insurance comes in

Any of these costs can amount to a fortune, so to cover these risks, insurance companies developed a category of policies called cyber liability insurance. The current business environment truly calls for such an insurance product to exist, especially since cybercriminals are becoming more treacherous and more vulnerabilities are being discovered every day. Even the most sophisticated firms find it impossible to be 100% data breach-proof, so where does that leave small businesses and those that can only afford basic data security measures? Cyber liability insurance is a safety net that guards you against most financial losses caused by data-related incidents.

What is covered?

There are generally two types of cyber liability insurance: first-party and third-party. First-party cyber insurance covers losses your company may suffer as a result of a denial-of-service (DoS) attack that shuts down your operations, internet service downtime during a major online sale, or any other cyber event that directly affects your business.

On the other hand, third-party cyber insurance covers claims made against you for damages suffered by others, either by what you’ve done (e.g., storing complete credit card numbers, a practice that is forbidden by the Payment Card Industry Data Security Standard or PCI DSS) or what you failed to do (e.g., selling used servers without first purging their data stores of sensitive customer information).

Both types of insurance are usually included in policies and have particular clauses for the risks they cover.

Typical inclusions in first-party coverage

  • Lost income or additional expenses – Computer system disruptions can lead to lost revenue and extra expenses for bringing everything back in working order and preventing future setbacks from happening. The policy will take care of such losses.
  • Data loss, theft, or corruption – The policy will pay for the costs of restoring data, including the fees for external consultants and experts who accomplish these tasks.
  • Cyber extortion losses – Hackers can sneak into your computer systems and lock you out of your files unless you pay a ransom. A policy can cover the cost of handling such scenarios (such as having to quarantine affected devices, countering the ransomware, or even paying the ransom the hacker demands).
  • Crisis management costs – The trustworthiness of your company can be severely tarnished by a data breach. You’ll need to spend on restoring your firm’s reputation via marketing and public relations efforts — all costs that some policies cover.
  • Costs of notifications and damage mitigation – Regulatory rules may require you to notify everyone affected by a data breach. A policy can cover the costs of having attorneys determine the extent of your liabilities, placing announcements across popular media, and setting up a victim call centre that will help affected parties find out what has happened to their data as well as the steps they need to take to secure their accounts.
  • Regulatory defense costs and penalties – In an environment where more and more data regulations are imposed upon businesses, the risk that regulatory fines and penalties can break a business is mounting. To address this, companies can obtain a policy with regulatory defense and penalties coverage. As its name denotes, this type of coverage pays for lawyers' consultations with regulators as well as the penalties that the insured incurs as a result of regulatory violations.

Typical liabilities covered in third-party coverage

This type of coverage pays for defending your firm against third-party claims and for making settlements. Here are the most common liability insurance policies:

  • Errors and omissions liability insurance covers lawsuits arising from flaws or missing components in digital products (such as program code) created as a result of rendering professional services (such as software development).
  • Electronic media liability insurance covers libel, slander, copyright infringement, defamation, and other legal claims made against you because you published electronic data on the internet.
  • Network privacy liability insurance covers claims pertaining to the failure to safeguard sensitive third-party data that’s kept in your IT systems.
  • Network security liability insurance covers claims concerning data breaches or breaches of service level agreements (wherein authorized parties are unable to access data they are contractually privy to in your system).

There are many other types of cyber liability coverage, such as those that apply to identity theft, funds transfer fraud, and other cybercrimes. A few firms even specialize in crafting policies that are tailored to companies in industries such as healthcare and finance. If you are considering purchasing a policy, it’s important that you study the policy carefully, as every insurer’s definitions and coverage differ.

The best insurance “policy” is to take action to protect your data and your network to begin with. Turn to XBASE for technical advice on cyber liability insurance and for help on implementing Exponentially Better™ cybersecurity solutions and practices in your business.
