As we all know technology, social media and business transactions over the internet are a key role in how most businesses function today. Those vehicles also serve as gateways to cyber attacks. Whether launched by run-of-the-mill hackers, criminals, insiders or even nation-states, cyber attacks are likely to occur and can cause moderate to severe losses for organizations large and small.
It is More Affordable Than You Think.
I’ve seen policies with premiums as low as $2,000 a year, though it can go up from there. You can get coverage as high as $30 million and deductibles as low as $10,000, depending on your needs and what you’re willing to pay. Cyber liability insurance is still a fairly new concept, so there’s a lot of variation among policies, and a lot of room for negotiation.
What is Cyber Insurance?
A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event. With its roots in errors and omissions (E&O) insurance, cyber insurance began catching on in 2005, with the total value of premiums forecasted to reach $7.5 billion by 2020. According to PwC, about one-third of U.S. companies currently purchase some type of cyber insurance.
The numbers indicate that organizations are seeing a need for cyber insurance, but what does it cover? Cyber insurance typically covers expenses related to first parties as well as claims by third parties. Although there is no standard for underwriting these policies, the following are common reimbursable expenses:
- Investigation: A forensics investigation is necessary to determine what occurred, how to repair damage and how to prevent the same type of breach from occurring in the future. Investigations may involve the services of a third-party security firm, as well as coordination with law enforcement and the FBI.
- Business losses: A cyber insurance policy may include similar items that are covered by an errors & omissions policy (errors due to negligence and other reasons), as well as monetary losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.
- Privacy and notification: This includes required data breach notifications to customers and other affected parties, which are mandated by law in many jurisdictions, and credit monitoring for customers whose information was or may have been breached.
- Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements and regulatory fines. This may also include the costs of cyber extortion, such as from ransomware.
I Already Have Business Liability Insurance, So I’m Covered, Right?
No. Standard business liability insurance policies don’t cover cyber liability, and that probably won’t change anytime soon. Policies and procedures surrounding digital communications change so rapidly that many standard liability insurance companies don’t feel comfortable rolling cyber liability under the same umbrella.
It is possible that the same company you have your business liability insurance with also offers cyber liability coverage, so its definitely worth asking your agent about. Multiple policies with one agency often come with a discount, which can save your business money.
All of Our Customer Data is Handled by a Third Party, So it’s Not My Problem
Unfortunately, it is. If you are asking for information and then storing that information with a third party or in the cloud, you are still legally responsible for keeping it safe. While it’s in the third party’s best interest to protect that data, no data management system has proven impenetrable to security breaches, so no system is infallible. Having cyber liability insurance will at least protect you if your third party host suffers a breach.
My IT Team Handles All of This, Right?
Unless your website is only visited by a handful of people every day, expecting your IT department to be on top of any and all data vulnerabilities and the latest in security protocols is unrealistic. While Fortune 500 companies might have IT departments specifically dedicated to risk assessment, most small businesses can’t afford that. Cyber liability insurance providers can and often do provide a risk assessment function, whereby they review your policies and procedures and work with you to reduce your risk.
In today’s interconnected world, it’s almost impossible to conduct business without using the internet. As a result, the risk associated with data storage and intellectual property has increased and continues to do so. You don’t want to find yourself in a situation where you need cyber liability insurance and don’t have it. Take a close look at your company’s online footprint to determine if cyber liability insurance is right for you.
Most people think if they have a small business, that they are not a target, but that is where they’re wrong. Hackers and people who want to get into your system can do so. Especially with small businesses they don’t have the protection some of the big companies have. If you look at the big attacks that Target, Home Depot, Sony, and these monster companies suffered and they have huge protection within their business, think how easy small businesses are to become a victim.
Most Small businesses don’t have the funds to withstand an attack like this, so really consider giving us a call, and talk to us about cyber liability. I know it is a new upcoming coverage that most people A. don’t think about, and B. don’t think they need, but it will save your business in the long run.
Taylor J. Garcia
Business Insurance Specialist
(626)914-9944 ex: 224