Should Your Business Get Cyber Liability Insurance?
Unfortunately, data breaches have become commonplace in today’s financial world, especially in America.
According to a recent survey, nearly two-thirds of retailers in the United States have been victims of some type of data breach, and 37% have been breached in the past year. That risk will continue to be present, since almost all of the retailers surveyed (96%) claim they use sensitive data within digitally transformative environments.
As a result, many businesses are now turning to cyber liability insurance to minimize their risk of loss. As the name implies, this insurance applies to the liability a company experiences after a cybersecurity incident. How does it work, what does it cover, and most importantly, what doesn’t it cover?
What Is Cyber Liability Insurance?
Cyber liability insurance is an insurance policy designed specifically for data breaches, malicious attacks, and other cybersecurity threats. Some policies are tailored to a certain industry, such as retail, healthcare or banking. While the primary goal of cyber liability coverage is to protect the business, it can also extend to the clients who interact with the business.
There are two types of cyber liability coverage:
- First-party coverage: Covers financial losses incurred directly by the business, such as loss of income during a shutdown.
- Third-party coverage: Covers losses resulting from other people affected by the cybersecurity incident, such as a customer suing a business after identity theft.
These policies may also be referred to as ‘cyber and privacy insurance’ or ‘media insurance.’ They typically require a deductible in the event of a claim, much like a liability policy for car insurance.
What Does First-Party Cyber Liability Insurance Cover?
First-party cyber liability insurance covers the expenses a business may experience after a data breach. These include:
- Lost income from business interruptions
- The cost of repairing hardware/software
- Extortion money required by a hacker
- Loss of transferred funds
- Public relations costs, such as notifying employees and clients about a data breach
- Losses from corrupted or stolen electronic data
- Reputation management expenses after a cyberattack
The precise coverage and liability amounts vary by provider and by policy.
What Does Third-Party Cyber Liability Insurance Cover?
Third-party cyber liability insurance is mostly designated for legal claims. Coverage may include:
- Fines and fees from regulatory organizations
- Negligence claims
- Network privacy and network liability claims
- Breach of contract claims
- Libel, slander, defamation, copyright infringement, and other media liability claims
Preventive and Reactive Coverage
Some cyber liability policies include risk mitigation services to help prevent cyberattacks. The insurance provider will evaluate policies, software and hardware to check for potential areas of weakness. Additionally, some insurance plans cover credit monitoring and fraud prevention before/after a cybersecurity incident occurs. They may also offer a hotline for customers affected by a breach.
What Does Cyber Liability Insurance Not Cover?
Since each policy is unique, it’s important for business owners to carefully review their coverage before getting cyber liability insurance. Here are some losses typically not covered by cyber liability:
- Property loss, such as a computer stolen during a cybersecurity incident. This loss would need to be filed under the property insurance of the business
- Robbery, theft, and other criminal activity usually covered by a ‘commercial crime’ policy
- Property damage, bodily injury, and other incidences covered by general liability insurance
- Expenses that exceed the coverage limits on the policy
Some cyber liability insurance covers social engineering, where an employee is tricked into transferring a company’s funds to another party. However, this is not included in all policies. It may be available as an add-on to a policy for an additional fee.