According to Statista, April 2020 marks the most significant data breach on record, when sales intelligence company Apollo revealed more than 9 billion company and organization data points during a security breach.
Even companies like Yahoo aren’t immune; as in 2016, the company revealed more than 3 billion had been breached—dating back to 2013.
What happens if something like this occurs to your business? What if your company’s at-fault for the breach? I’ll discuss cyber liability insurance and whether or not it should have a place in your business’s arsenal against loss.
What are the Cyber Liability Insurance Basics?
Cyber liability is a new form of insurance that isn’t standardized, and insurers often allow businesses to select the specific coverages they want. In general, though, the insurance is designed to protect companies against financial losses and legal claims resulting from a data breach, virus, or other cyberattacks.
To protect companies directly and third-parties indirectly, cyber liability policies contain two key coverages: first-party and third-party.
What’s the Difference Between First-Party and Third-Party Cyber Liability Insurance?
Despite the name, first-party coverages could apply to your company or another and pay for immediate expenses, such as:
- Loss or Damage to Electronic Data – Pays to repair damaged software or hardware, including data retrieval consultation costs.
- Loss of Income and Extra Expenses – Replaces lost income and other business interruption costs. Some carriers provide coverage if your network provider’s system is hacked (aka, dependent income losses).
- Notification Costs – Cost of notifying parties, including employees and the public, whether voluntarily or legally required. It could also include coverage for credit monitoring services.
- Damage to Your Reputation – You’ll probably need to do some PR work following a cybersecurity threat, and this coverage (sometimes referred to as ‘Crisis Management’) helps pay for related marketing and public relations services.
- Cyber Extortion – If a hacker threatens your data (e.g., virus, DDoS attach, data release, etc.) unless you pay up, this coverage could come in handy.
IHS Pro Tip: Keep in mind that in many instances, first-party coverage under a cyber liability insurance policy is subject to a deductible, which will be outlined in your paperwork.
Third-Party Liability Coverages
The third-party coverages under a cyber liability insurance policy pay for damages, settlements, and the cost of your defense. While these coverages might not be subject to a deductible, per se, they often include a retention, which is a specific amount you must pay before third-party insurance kicks in.
- Network Security and Privacy Liability – If your company’s negligent acts, errors, or omissions result in a virus, DDoS attack, or other unauthorized access, whether to customers, clients, employees, or other parties, this coverage can compensate them for the breach of privacy.
- Electronic Media Liability – Provides coverage if your business publishes electronic data or media on the Internet and is sued for copyright or domain name infringement, libel, slander, defamation, and privacy invasion.
- Regulatory Proceedings – Pays for regulatory agency fines or penalties, including attorney services, if you’re expected to respond to formal proceedings.
- Breach of Contract or Negligence – The cyber liability insurance version of Errors & Omissions.
Is there anything that cyber liability insurance doesn’t cover?
Does Cyber Liability Insurance Come with Any Exclusions?
Many cyber liability insurance carriers require that you maintain appropriate measures to identify and mitigate risk so that you can reduce the likelihood of a data breach occurring in the first place. And if you don’t maintain these measures and a claim arises, the company could deny coverage and leave your company footing a massive bill.
Furthermore, like any other type of insurance, carriers will list exclusions—instances when coverage doesn’t apply—in their policy paperwork, which is why it’s essential to read carefully.
As mentioned earlier, cyber liability policies can vary widely between companies, but here are a few standard policy exclusions:
- Social engineering – Manipulating others’ emotions to convince them to transfer company funds. Note: Some carriers might only limit this coverage, or might require that you add it as an optional (and higher-priced) endorsement.
- Bodily injury and property damage – Coverage falls under a general liability [pending link] policy.
- Criminal activity – While data breaches instigated by others could technically be a crime, cyber liability insurance doesn’t cover other crimes like fraud, robbery, and employee theft, to name just a few. Note: This is the realm of commercial property insurance [pending link].
- Loss of property – Loss to physical assets, such as computers and phone systems, is another area covered under commercial property insurance.
How Much Should You Expect to Pay for Cyber Liability Insurance?
Based on my experience, you might pay less than $500 per year for cyber liability insurance. Or, it could cost tens of thousands, depending on a wide range of factors:
- Industry – Companies that operate mostly (or entirely) online, use multiple servers, store a lot of sensitive customer data, or work in the healthcare or accounting spaces will pay higher premiums.
- Coverage limits – As with any other form of insurance, the higher your policy limits, the more you’ll pay for coverage. For example, if you need $10 million in coverage, you could expect to pay significantly more than a company that doesn’t have as much exposure and only requires $500,000 in coverage.
- Claims history – Companies with multiple claims will likely pay higher rates than those with fewer (or none).
- Data access – If many people in your company have access to sensitive customer data, you could pay higher cyber liability insurance premiums.
- Security – Similarly, installing and maintaining antivirus software, network firewalls, and updated passwords can decrease what you pay.
What’s the Bottom Line About Cyber Liability Insurance?
Although flexible, cyber liability policies are a newer insurance product, aren’t standardized, and contain specific terminology. As such, it stands to reason that you might need some assistance when deciding whether or not the extra expense will deliver even greater value for your business.
This is where the professionals at IHS Insurance Group enter the picture. We can answer your questions and help you get the cyber liability coverage you need at a price that fits within your budget!
Need a FREE Quote or have questions regarding commercial insurance? Please fill out our quick GET A FREE QUOTE form, and an agent will get back to you at your convenience!
We look forward to speaking with you today!