Cyber Liability Insurance:

Protect your business from cyber risks

Cyber liability insurance protects your business from financial losses that may occur due to cyber security breachesBusinesses keep track of personally identifiable information (PII) such as address or credit card number of employees or clients. However, with the growing concern of cyber-attacks, this information is vulnerable to identity theft. According to Verizon, 43% of total cyber attacks hit small businesses in 2019. Cyber threats may be lurking around the corner, regardless of the size of your business. Therefore, having a contingency plan is always a good idea. 

It takes years to build your business and gain the trust of your clients. Nevertheless, a single data security breach or cyber-attacks is enough to harm your firms’ reputation. ITRC reported a 17% increase in data breaches as of 2019.  

Here, we will discuss about the cyber liability insurance and the coverage it provides to your business.

    In this article

    What is cyber liability insurance?

    Cyber liability insurance covers expenses as a result of a cyber-attack. It is designed to mitigate cyber risk exposure by redeeming costs of recovery. The World Economic Forum reported that cyber-attacks and data fraud and theft are the significant business risks. Thus, it is crucial to analyze the risks of your business to come up with necessary solutions 

    Common business risks 

    Here are some of the cyber security risks your business may have to face. 

    1. Phishing: Cybercriminals send an email to convince users to click misleading links. These scammers try to access your business computer system and download sensitive information. Furthermore, SANS Institute states that spear phishing is the cause of 95% of all attacks on enterprise networks. 
    2. Ransomware: Cyber attackers can get ahold of the files, and demand ransom to restore data. Moreover, even if you make the payments, there is no guarantee that they will restore or redeliver your data.  
    3. DDoS attack: Distributed Denial of Service (DDoS) attack occurs when attackers overflood a website with traffic. Consequently, it makes website access impossible for legitimate users. 
    4. Hackers: If you do not have robust cybersecurity, hackers can get access to confidential information. Furthermore, they can breach the data and misuse the financial information of your business. 

    The costs associated with cyber liability can be massive. Some of the expenses your business may have to incur as a result of cyber-attacks are as follows:       

    1. System recovery: The cost of repairing and replacing the computer system can be expensive for your business. Additionally, your business might have to bear business interruption cost. 
    2. Lawsuits: Your clients may sue your business for your negligence on loss of clients’ confidential information. As a result, it includes legal settlement expenses and fees for the legal attorney.    
    3. Regulatory fines: Cybersecurity laws exist at both the federal and state levels. Hackers can release confidential information in public. In such cases, you are required to pay regulatory fines.  
    4. Notification expenses: After the cyber-attack, you need to notify your clients and employees immediately. However, notification expenses can be quite costly if you serve a large market.   
    5. Restoration costs: Cyber-attacks can lead to the loss of electronic data. As a result, your business has to incur expenses to restore those data.
      Cyber liability insurance may not protect from cyber risk, but the policy can help to recover financial losses of your business.

      What does a cyber liability insurance cover?

      Your business owners policy can cover the loss as a result of a computer virus or hardware failure. However, if you don’t want to worry about cybersecurity threats for your business, you might want to consider a stand-alone cyber liability policy. 

      Cyber liability insurance provides two types of coverage. First-party coverages pay for direct expenses incurred as a result of the breach, and third-party coverages offer legal defense and settlement costs.  

      First-party coverages include: 

      1. Investigation 

      A cyber insurance policy provides forensics investigation expenses. It includes the cost of hiring a third-party security firm to identify the cause of the incident. Moreover, this coverage can help to understand the loophole of security system and prevent future cyber-attacks.  

      2. Notification costs 

      Cyber liability covers the cost of communicating data breach to clients and employees. Moreover, it also bears the financial burden of identifying a cybercrime victim. The notification process also include cost of setting up a call center for prompt action. For example, hackers can attack the computer system and expose confidential information to the public. If you have cyber liability coverage, it bears the expenses such as identifying the victim and notifying them about the incident.   

      3. Business interruption 

      If your computer system gets damaged as a result of malware, your business may fail to conduct regular operations. In that case, cyber liability insurance indemnifies your loss of business income. CSO has mentioned that the average cost due to business interruption has increased to $12,07,965.  

      4. Cyber extortion 

      Hackers or cyber attackers can threaten to damage your data or release the confidential data of your clients unless you provide them a hefty amount. Statista reported that ransomware accounted for 24% of total cyber insurance claims. First-party coverage can compensate for the ransom payment to release information or malicious code. 

      5. Damage to electronic data 

      If the computer systems are hacked, or programs are damaged, the policy pays to restore or replace electronic data. However, the perils should be a hacker attack, a virus, or a denial of service attack.  

      6. Credit monitoring 

      Cyber liability insurance offers credit monitoring service immediately after the breach of PII of customers or employees. The coverage includes the cost to monitor the one-year credit history of the victims. If identity thieves use credit card information to make illegal purchases, credit monitoring services notify clients about the changes. 

      Third-party coverages include: 

      1. Network security 

      Cyber insurance protects your business in the event of network security failure. It consists of claims against your firm for errors or omissions, unauthorized access, or negligent acts that led to a security breach.   

      2. Privacy liability 

      Information of customers and employees can be sensitive or confidential. Cyber threats can not only violate the privacy of such data but also expose your business to liability. If you are responsible for the breach of data, privacy liability insurance provides coverage for legal expenses and regulatory fines.  

      3. Media liability 

      Media liability insurance policies cover legal costs and settlement costs if your clients sue your firm. It protects against intellectual property infringement claims. The cause of the lawsuit can be an invasion of privacy, acts like libel or slander, or domain name infringement.      

      4. Regulatory proceedings 

      If you break laws related to cybersecurity, then legal authorities can charge you with fines or penalties. Ordinarily, cyber insurance pays the fine imposed on your firm and the cost of hiring an attorney to assist in regulatory proceedings.

      What are some endorsements for cyber liability insurance?

      You can add coverages to your cyber insurance policy so that it fits your business needs. Some of the endorsements for cyber liability insurance are as follows:  

      1. Social engineering: Cybercriminals can trick your employees into transferring your company’s fund. They send phishing emails which can do real damage to company’s cash flow. However, social engineering coverage can protect your business from fund transfer situations.   
      2. Bricking: Cyber-attack or malware can make the computer system useless. This policy covers the replacement cost of hardware.   
      3. Reputation recovery: It redeems the expenses of hiring legal or public relations consultants. This add-on can help restore your company’s lost reputation.
      Cyber liability insurance may not protect from cyber risk, but the policy can help to recover financial losses of your business.

      What policies do cyber liability insurance not cover?

      You need to know that cyber liability insurance only covers the specified perils. Here are some common exclusions for cyber insurance: 

      1. Loss of property: Cyber liability insurance does not cover the loss of property. You can claim commercial property insurance to reimburse the loss of electronic devices. 
      2. Bodily injury or property damage claims: Cyber liability policies won’t protect allegations of bodily injury or property damage. Consider general liability insurance to protect your business from such claims. 
      3. Loss of intellectual property: Cyber insurance is geared mostly for clients and employee databases. If you lose your intellectual property, it does not come under cyber liability coverage.   
      4. Risk mitigation costs: You can upgrade internal technology system of your business to mitigate cyber risk. Nonetheless, cyber insurance will not reimburse risk mitigation costs. 
      5. Loss of future revenue: Cyberattacks can hinder the future income of your business. However, cyber liability policy does not indemnify such loss. 
      6. Criminal activity: Cyber liability policy excludes the loss due to criminal activity. Such activity includes fraudulent fund transfer, robbery, or employee theft.   

      Some of the insurance policy in which you can add cyber liability coverage are as follows: 

      1. Engineer insurance 
      2. Hotels insurance 
      3. Consultant insurance 
      4. Photography insurance 
      5. Church insurance 
      6. Contractors insurance 
      7. Entertainment insurance 
      8. Nonprofit insurance 
      9. Pet business Insurance 

      What factors determine the cost of cyber liability insurance?

      The cost of insurance policy depends on the coverages you choose for your business. But there are some major factors that determine the cyber liability insurance cost. They are:   

      1. Data: Business stores information about their clients and employees in their computer system. The size and the type of such data can determine the premium of cyber insurance. 
      2. Security system: The security system also influences the cost of the policy. For example, if a few authorized employees handle the computer system, the premium may be low. 
      3. Industry: The type of industry your business is in also determines the cost. For instance, if your business is related to technology, then the premium will be comparatively higher. 
      4. Customer base: The number of customers of your business can influence the premium of cyber insurance. For example, you might have to consider more coverage to serve a higher customer base. 
      5. Revenue: The revenue earned by your business can also determine the premium amount. If you have adequate earning, you can opt for more coverage.  
      6. Claim history: If your company has previously claimed insurance, then the premium of the new policy may be higher. 

      Common cyber liability claims examples

      Some of the examples of cyber liability claims are as follows: 

      1. A part-time worker in a hospital unintentionally distributes a patient record via mail to his co-workers. Soon, the patient finds out about the incident and sues the hospital. In this case, privacy liability policy of your cyber liability coverage can pay for the legal defense cost.  
      2. A hacker releases the personally identifiable information of the customers of the restaurant. The incident may expose the business owner to a $50K or more regulatory fine. Fortunately, cyber liability insurance will cover his financial loss.  
      3. A software development company becomes a victim of Locky, a type of ransomware. It tricks the employees into installing the files and transfers the critical data of the company. Furthermore, the hacker charges 100 thousand in exchange of data. Since the company was insured, cyber extortion coverage redeemed the payment.

      Frequently Asked Questions (FAQs) on cyber liability insurance

      Does your business require cyber liability insurance?

      If your business handles personally identifiable information or have any IT-related services, you should consider purchasing cyber liability insurance.

      Why do you need cyber liability insurance?

      Cyber risk can expose your business to a privacy violation and lawsuits. If your business stores data of clients or employees, cyber insurance can save you from financial loss. Data Insider has stated that a company might have to pay $ 8.19 million on average for a data breach incident as of 2019. Therefore, consider cyber liability insurance to prevent financial losses of your business.

      What is the difference between cyber liability insurance and data breach insurance?
      Cyber liability insurance covers financial losses due to cyber-attacks, whereas data breach insurance indemnifies loss due to breach of PII. Similarly, cyber liability insurance also covers third-party liability claims. Data breach insurance does not cover such claims. For example, if the hacker releases your clients’ data, data breach insurance can serve to investigate the incident or compensate lost business income. However, this policy cannot indemnify legal claims your clients may file.
      How much cyber liability coverage do I need?
      The amount of coverage depends on cyber risk exposure. Typically, the higher the cyber risk, the higher the need for coverage. You might want to request a quote to know the exact coverage required for your business. For example, if you are involved in the software development business, cyber liability coverage is a must.
      How can your business mitigate cyber risk?

      You can mitigate cyber risk through staff education, encryption, and password policies. However, cyber-attacks are unpredictable incidents that even a reliable security system may be unable to defend. According to The New York Times, the security breach on computer network of Facebook exposed the personal information of nearly 50 million users. The attackers gained access to users account and took control of them. Therefore, cyber liability insurance can be the best way to your business.

      Will cyber liability coverage include data stored in the cloud?
      It is the shared responsibility of you and your client to protect the data stored in the cloud. In case of a breach, the policy will provide coverage regardless of where the data was stored. But the main question is about who is responsible for the data breach. You should make sure your customers know where their data is stored. Also, ensure that your cloud vendor has cyber insurance to cover the loss, if they are at fault. It is because the contractual agreement between you, your clients, and the cloud vendor can affect the amount of coverage.
      Cyber liability insurance may not protect from cyber risk, but the policy can help to recover financial losses of your business.