Cyber - Privacy Breach Insurance at a Glance

First-party coverage available includes:

  • Forensic investigation. Covers the legal, technical or forensic services necessary to assess whether a cyber attack has occurred, to assess the impact of the attack and to stop an attack.
  • Business interruption. Covers lost income and related costs where a policyholder is unable to conduct business due to a cyber event or data loss.
  • Extortion. Provides coverage for the costs associated with the investigation of threats to commit cyber attacks against the policyholder's systems and for payments to extortionists who threaten to obtain and disclose sensitive information.
  • Computer data loss and restoration. Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software or other information destroyed or damaged as the result of a cyber attack.
  • Theft: Covers destruction or loss of the policyholder's data as the result of a criminal or fraudulent cyber event.

Third - party coverage includes:

  • Litigation and regulatory. Covers the costs associated with civil lawsuits, judgments, settlements or penalties resulting from a cyber event.
  • Regulatory response. Covers the legal, technical or forensic services necessary to assist the policyholder in responding to governmental inquiries relating to a cyber attack, and provides coverage for fines, penalties, investigations or other regulatory actions.
  • Notification costs. Covers the costs to notify customers, employees or other victims affected by a cyber event, including notice required by law.
  • Crisis management. Covers crisis management and public relations expenses incurred to educate customers concerning a cyber event and the policyholder's response, including the cost of advertising for this purpose.
  • Credit monitoring. Covers the costs of credit monitoring, fraud monitoring or other related services to customers or employees affected by a cyber event.
  • Media liability. Provides coverage for media liability, including coverage for copyright, trademark or service mark infringement resulting from online publication by the insured.

Why You Need Cyber Liability Insurance

Cyber hacking is big business, and no one is safe. Not individuals, not small businesses and not large corporations. All of your data including the names of your customers, their contact information and the social security numbers of your employees are valuable information to a cyber-hacker. Unfortunately, your business and standard property insurance does not cover your most important asset, but cyber liability insurance does.

Even a business interruption insurance policy will not come to your rescue if your systems fail because of a malicious employee, computer virus or a hack attack. Identity theft, telephone hacking and phishing scams are very real possibilities and not covered by traditional business interruption policies. Cyber insurance will cover for loss of profits because of a system outage that is caused by a non-physical peril such as a virus or attack.

You can be held liable if you lose your third party data. You may offer non-disclosure agreements and commercial contracts that contain warranties about security. If your data is breached, you could have expensive damage claims. There are severe penalties for losing credit card data. Merchant service agreements mean that you will be responsible for the expenses of forensic investigations, credit card reissuance costs and the fraud conducted on the stolen cards. Cyber insurance will protect you against most of these expenses that could run into hundreds of thousands of dollars.

In the U.S., most states have breach notification laws, and other countries are following suit. To comply with these laws takes time and money in the event sensitive personal date is lost. Written notification needs to be sent to those individuals who have been affected. Even if there is no law yet, a reputable company that protects its brand will provide breach notification. Cyber insurance could also cover regulatory fines or penalties.

Social media sites expose information at light-speed with little control. Your business site as well as your employee’s activity on these sites can trigger liability, if your business is responsible for the sites. Defamatory statements, leaked information and copyright infringement can all be covered with a cyber insurance policy. It may also cover the cost of a public relations firm to repair any damage done to your brand. It is becoming more and more likely that your business reputation will suffer from a cyber security breach. Losing the trust of your customers can be much more damaging than the financial loss you will incur to repair the effects of the breach.

When you look into cyber insurance, make sure all instruments are covered including laptops and mobile phones. Portable devices make it much easier to store and lose information. For example, a missing USB stick, a stolen iPad or a laptop left in a taxi are all real possibilities and, for a hacker, a goldmine. There are viruses being built just to attack mobile devices. Cyber insurance will cover stolen, lost or virus infested mobile devices. You can work with your insurance provider to integrate cyber liability insurance with your regular business insurance and employment liability policy.


A good insurance carrier will help you with risk management

It is in their best interest to make sure you have all the protection in place that is possible. They can make sure a firewall in in place to protect the network and help you select social media policies that reduce risk. Even if your data is stored in the cloud, you are still liable for breach. You cannot control how a cloud provider handles your data, and they do make mistakes. Your cyber insurance will protect you from this.

Large corporations may have risk management budgets, but small companies usually don’t. They may not have the financial means to not only pay for the fees and lawsuits that come with privacy breach or data loss, but also to stay afloat throughout the process. Most hack attacks target businesses with less than 250 employees.

Cyber liability insurance has been available for about 10 years. However, it is very rarely purchased. The data and information of a business is worth much more than the equipment on which it is stored. This will change as insurance companies understand the risk responsibilities and consumers understand the risk transfer benefits.