Everything You Need To Know About Cyber Liability Insurance
The world today is becoming more and more digital. We communicate, keep records, even buy and sell goods and services online. All that data being stored online means more opportunities than ever for cybercriminals to hack into and access systems they shouldn’t. Cyber security measures are more critical than ever. That includes having cyber liability insurance.
In this article, we’ll cover everything you need to know about cyber insurance, including what it is, how it works, and what it does and doesn’t cover.
Ready to learn more about cyber insurance and whether it’s right for you or your business?
Let’s dive in.
What Is Cyber Liability Insurance?
Cyber insurance is usually offered to businesses rather than private individuals, though in some cases, it may have value for individuals as well. The primary purpose of cyber liability insurance is that the plan helps your business recover from the effects of a cyber security breach, including helping provide resources to track down and isolate the breach and paying out for lost income because of a breach. Many policies also help cover the costs of legal fees or lawsuits against your company that happen because of a cybersecurity breach.
Some cyber insurance companies also offer additional services to their customers, such as cyber security consultations or monitoring. Usually, those services are separate from the policy itself and come at an additional cost to the consumer. However, since they can help prevent the damages caused by a breach, these cybersecurity services are worth considering.
Good cyber insurance will cover just about any liability you incur from a cyber breach, no matter how big or small, but it’s important to read the fine print to make sure there aren’t rules about when your policy kicks in or ways you can accidentally breach the terms and conditions.
What Does a Cyber Liability Insurance Policy Cover?
Cyber liability is a protection for businesses when their data and records are breached. That includes a wide range of possible liability, costs, and damages resulting from a cyber-attack. It’s different from general liability insurance since, unlike most other insurance policies, this kind of policy protects your digital data and resources instead of your physical property.
Here are a few of the additional actions cyber insurance companies may offer as a part of their insurance plans:
- Inform your company when a cyber breach occurs
- Help recover identity information for anyone affected by the breach
- Protect/repair affected computer systems
- Help to recover the affected data
- Cover the cost of legal liability from security breaches
- Help close cybersecurity vulnerabilities
Every company and every policy is different, but these are some of the most common coverages.
Of course, you still need a sound cybersecurity plan in place if you want to succeed.
What Does Cyber Insurance Not Cover?
While many business cyber security offerings are reasonably comprehensive, they don’t cover everything. Here are some of the costs you can’t expect your cyber insurance company to cover in the aftermath of a security breach:
Ongoing profit loss
Many insurance policies cover lost profits if your data or systems are non-accessible during an attack but won’t cover your losses after the attack is dealt with. That means that if you lose customers in the weeks or months after a breach, your insurance won’t cover that lost income.
Intellectual Property
Intellectual property compromised in a cybersecurity breach can often be a severe loss for your company. Unfortunately, this is one area cybersecurity insurance doesn’t tend to cover. If your business secrets or intellectual property are compromised in the attack, you’ll have to deal with that on your own.
Third-Party Mistakes
If you work with a 3rd party cybersecurity company, your insurance policy probably won’t cover their mistakes. That can be a huge problem if your security company fails to push an update or leaves a known vulnerability unprotected since your insurance may use those mistakes to invalidate your claim. That is why choosing a cybersecurity partner you can trust is so important.
Are you looking to partner with a cybersecurity company you can trust? Contact Edge Networks today.
Hardware Costs
If your company is the victim of a breach that damages your physical hardware, damaging hard drives, for instance, the insurance company usually won’t cover the physical costs of the repair. They may cover the cost of recovering your data from damaged hardware, but you’re on your own for replacement.
Reputation Damage
While a business’s reputation is widely recognized as a part of its value in the market, most cyber insurance companies don’t cover lost value because of reputation damage.
Like any other kind of insurance policy, it’s important to know everything that is and is not covered in your policy. These are just some of the most common examples. Some insurance policies may cover these kinds of situations, while others may have other policies that aren’t covered that we haven’t mentioned.
It’s often worth paying for an upgraded insurance policy if you need something that isn’t included in a more basic version of the policy.
Cyber Liability Insurance Requirements
A good cyber insurance policy should have certain coverage areas and meet specific requirements before you consider it.
Here are some of the requirements of a good cyber insurance policy and what you should look for when you’re comparing plans:
Business Interruption
Other than helping pay for the costs of a breach itself, this is one of the most basic kinds of protection you can get from cyber insurance. This kind of coverage helps cover the cost of lost profits from a business interruption, so your company won’t be as heavily impacted by the hacking attempt.
Some policies cover ongoing business interruptions, while others only kick in for any time your business is unable to operate. That means that you may only get partial reimbursement for lost profits if some aspects of your business are still functioning as usual.
Legal Liability
Personal data breaches are taken very seriously and are often respected in the courts. That means that businesses that suffer a breach may also be held liable for any personal information about employees, clients, or customers involved in the leak.
Cyber insurance companies usually help cover the costs of these lawsuits, regardless of the suit’s outcome. Some companies may also offer legal assistance or help your business find qualified representation to help handle legal cases resulting from a breach.
Social Engineering Protection
Social engineering is a way of getting login information or other personal details out of people without hacking into any systems or exploiting software vulnerabilities. A skilled social engineer can learn everything they need to log in legitimately in just a few exchanges.
A good cyber insurance policy covers breaches caused by social engineering and may also provide social engineering prevention changes to help make an attack less likely.
Electronic Media Liability
Electronic media liability is increasingly becoming another way bad actors online can affect a company, even without data breaches or other more direct actions against them. Advertisements and other electronic media that present your business in an untrue way, to the detriment of your company, can be covered under this policy.
This kind of protection is almost like protecting against the damage from online libel. It’s rare for this kind of liability to come into play, but it can be important protection when you need it.
This policy helps companies deal with the problem media and cover the costs of pursuing action against the people causing the problem.
Cyber Liability Insurance Claims Examples
Cyber attacks come in a wide range of circumstances. Since many people don’t know what a cyber attack looks like, here are some theoretical examples to help.
Cyber Liability Insurance Claims Example #1:
Company A has an internal IT team, a good firewall, and other protections on their system. They think they are safe but can’t push an operating system update immediately because it may compromise some of the data and programs they use every day.
Unfortunately, Company A is hit with a virus that locks employees out of the system and may be causing other harm in the background. They are told that their data is being held ransom until they make a payment, under specific circumstances, to get access to their computers again.
Thankfully, Company A has cyber insurance and can recoup the costs of the attack. While they have to pay the ransom to prevent their data from being erased, they can isolate and eliminate the virus from their systems and implement preventive measures to avoid future attacks.
Cyber Liability Insurance Claims Example #2:
Company B is a small family business that’s thriving in the suburbs. Profits are up, and they are thinking about expanding their business or buying a bigger space. As part of their search for locations, the business owners do a lot of searching for bigger retail spaces in their area and come to the attention of a social engineer.
The engineer calls their business, pretending to be a realtor asking if they’d like to do business together and offering to help them find the perfect new location. Over the course of the conversation, the social engineer manages to get the personal information they need to reset the business owner’s passwords and guess their username.
The social engineer logs in and posts personal customer information online for sale, and several customers are hit with false charges on their credit cards before the problem is discovered.
Company B changed usernames and passwords but is still recovering from its damaged reputation and the financial loss of several customers after the breach made the local news.
Cyber Liability Insurance Claims Example #3:
Company C was the victim of a cyber security attack that was successful about a year ago. While they were able to get the attack cleaned up fairly quickly, some customer and employee information was leaked, and several people were at risk of identity theft and credit card fraud.
Company C has an extensive cyber security policy because their company is a frequent target for cybercriminals, and the policy covered this attack. They were able to recoup the costs of the attack, and the insurance helped pay for identity theft protection for the affected individuals. Because they helped pay identity theft protection, Company C avoided several lawsuits over the breach and hasn’t suffered much reputation damage.
Why Should Invest in Buy Cyber Liability Insurance?
Many people recognize that cyber insurance is important for big companies with a lot of digital information to protect but are surprised to learn its importance for smaller companies.
Cyber insurance becomes essential whenever you have personal information stored in your business databanks, but it can be important even before that. Here are some basic ways to tell if you need cyber insurance and what level of protection is necessary.
Your Business Stores Important Information Digitally:
Even if you also have hardcover backups, your business may need cyber insurance if you store critical business or personal information on the cloud. The more information you store, the more crucial cyber insurance becomes.
Personal Information Is Protected In Your Industry:
Healthcare, educational, and legal companies all have higher standards of protection required for information. If you work in one of those industries or have other information protection requirements, it is a good idea to have a good cyber insurance plan.
You Don’t Have A Cyber Attack Plan:
Some companies can provide their own protection and understand cyber security well enough that cyber insurance is less important. But if you don’t have a plan for what your business would do if you had a cyber-attack today, you should probably consider cyber insurance.
Want to get started on planning your company’s incident response? Check out our guide (including a FREE Incident Reponse Plan Template).
You Don’t Know How To Protect Your Business Information:
You may be aware that your business’s data needs protection, but knowing what level of protection you need is a different matter. Having a good cyber insurance policy can help cover any accidental gaps left in your cyber insurance plan.
You Don’t Have The Finances To Cover A Breach:
One way to decide if you need cyber insurance is to think about the realistic costs of a cyber breach. Cyberattacks have targeted as many as 50% of small businesses in the U.S., and this number is only increasing. If your business wouldn’t survive the full cost of a successful cyber attack, cyber insurance was designed for you.
Conclusion
If you’re still on the fence, you should talk with your business’s cyber security team and see if they think cyber liability insurance would be an excellent addition to your cybersecurity plan. Do they think you are relatively safe against a cyber attack?
Contacting an insurance agent is another good idea. They’ll be able to evaluate your need, risk factors, and current setup to see if cyber insurance is a good option for you.
You may find that you want to prevent a data breach before disaster strikes. In that case, many 3rd party cyber security firms, like Edge Networks, offer evaluation services and can rate your current security strengths, needs, and weaknesses. To learn more about the health of your business’s cybersecurity, take our free, self-guided IT security risk assessment today, or contact us to schedule a free 30 minute consultation.
