As we all know, technology, social media, and business transactions over the internet are a vital part of how most businesses function today. Trying to run a business without going online is virtually impossible. This is especially true when many employees today working remotely from home.
One issue, however, is that being online makes a business more susceptible to cyber-attacks.
A recent study showed that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion every year. For individual businesses, having a data breach, a DDoS attack, or getting passwords compromised can lead to downtime or even potential lawsuits.
According to data from the National Cyber Security Alliance, one in five small businesses falls victim to cybercrime. Even more terrifying, 60 percent will fold within six months of an attack.
That is why, now more than ever, it is worth considering cyber liability insurance.
What is Cyber Liability Insurance?
Cyber liability insurance helps businesses reduce the risk of financial loss in the event of a security breach.
A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event.
Cyber Liability Insurance was originally part of errors and omissions (E&O) insurance. Cyber insurance began growing in popularity in 2005, with the total value of premiums forecasted to reach $7.5 billion by 2020. Currently, about one-third of U.S. companies purchase cyber liability insurance.
What Does Cyber Liability Insurance Protect Against?
Today most companies share and store sensitive information, and compliance violations can be costly.
Whether you’re dealing with protected data or not, cyber insurance is another layer of business continuity insurance that covers against loss and lawsuits.
Here are some of the costs that cyber liability insurance can help to cover:
- Costs of investigating the incident
- Costs of notifying your clients of the breach
- Costs of assisting your clients after a breach
- Costs of restoring your compromised data
- Costs of business downtime
Cyber insurance typically covers expenses related to first parties as well as claims by third parties.
Although there is no standard for underwriting these policies, the following are common reimbursable expenses:
A forensics investigation is necessary to determine what occurred, how to repair the damage, and how to prevent the same breach from occurring in the future. Investigations may involve a third-party security firm’s services, as well as coordination with law enforcement and the FBI.
A cyber insurance policy may include similar items that are covered by an errors & omissions policy (errors due to negligence and other reasons), as well as monetary losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may include repairing reputation damage.
Privacy and Notification
This includes required data breach notifications to customers and other affected parties, mandated by law in many jurisdictions, and credit monitoring for customers whose information was or may have been breached.
Lawsuits and Extortion
This includes legal expenses associated with confidential information and intellectual property, legal settlements, and regulatory fines. This may also cover the costs of cyber extortion, such as from ransomware.
How Much Does Cyber Security Insurance Cost?
Cyber Security Insurance premiums can begin from as low as $2,000 a year. Coverage can be as high as $30 million and deductibles as low as $10,000, depending on your needs and your willingness to pay.
Cyber liability insurance is still a relatively new concept, so there’s a lot of variation among policies, and a lot of room for negotiation.
Does Business Liability Insurance Cover Cyber Liability?
The short answer is no. Standard business liability insurance policies don’t cover cyber liability, which probably won’t change anytime soon.
Policies and procedures surrounding digital communications change so rapidly that many standard liability insurance companies don’t feel comfortable rolling cyber liability under the same umbrella.
The same company you have your business liability insurance with may offer cyber liability coverage, so it’s worth asking your agent. Multiple policies with one agency often come with a discount, which can save your business money.
Does Third-Party Data Management Remove The Risk?
Unfortunately, it does not remove the risk. If you ask for customer information and then store it with a third party or in the cloud, you are still legally responsible for keeping it safe.
While it’s in the third party’s best interest to protect that data, no data management system has proven impenetrable to security breaches, so no system is infallible. Having cyber liability insurance will at least protect you if your third party host suffers a breach.
Your IT Team is Not Equipped To Handle Cyber Risks
Unless your website is only visited by a handful of people every day, expecting your IT department to be on top of all data vulnerabilities and the latest security protocols is unrealistic.
While Fortune 500 companies might have IT departments dedicated explicitly to risk assessment; most small businesses can’t afford that. Cyber liability insurance providers can and often do provide a risk assessment function, whereby they review your policies and procedures and work with you to reduce your risk.
In today’s interconnected world, it’s almost impossible to conduct business without using the internet. As a result, the risk associated with data storage and intellectual property has increased and continues to do so.
How To Reduce Your Cyber Liability Risks
As a business owner, you don’t want to find yourself in a situation where you need cyber liability insurance and don’t have it.
Take a close look at your company’s online footprint to determine if cyber liability insurance is right for you.
Most people think if they have a small business, that they are not a cyberattack target. This is one of the main reasons small businesses don’t have the protection some big companies have.
However, if you look at the recent large scale cyberattacks that Target, Home Depot, and Sony suffered, think how easily small businesses are at risk of becoming victims.
Most Small businesses don’t have the funds to withstand an attack like this, so it is worth mitigating the risk with cyber liability insurance.