What to know about cyber liability insurance
Have you ever considered how much a cyber incident could potentially cost your business? As criminals are more advanced in their techniques and tactics, the likelihood that your business will be the victim of a compromise continues going up.
According to the FBI’s Internet Crime Complaint Center’s Internet Crime Report 2020, the total losses for businesses reporting complaints was more than $4.1 billion.
The average cost per attack was $380,000 per incident, and the survey found on average, organizations were reporting 22 security breaches a year.
All of this might have you wondering what you can do.
Along with using the best protections and training your employees on potential risks, cyber liability insurance is an added layer of protection you might want to think about implementing.
The following are essential things you need to know about cyber liability insurance.
What is cyber liability insurance?
Cyber liability insurance covers the losses you might face if your business is the victim of a cyber event or data breach.
There’s wide variance in the policies themselves, and most policies include a combination of first- and third-party coverage.
First-party cyber coverage would usually cover any out-of-pocket expenses that a business directly incurs because of a data breach. Third-party coverage might apply to the damages your business sustains due to something like a settlement that you’d have to pay because of a lawsuit for injuries arising from your failure to act or your actions.
For example, you could potentially be sued if a data breach led to your client’s personal health or financial information being stolen and released.
Specific things that cyber liability coverage might include are:
- The costs of interruption to the day-to-day operations of your business
- Investigations
- Data loss
- Recovery costs
- Amounts of extortion
- Crisis and reputational management
- Regulatory penalties
Coverage for breach costs
Below we go into a little more detail about what the first-party coverage could entail in a cyber liability policy, which is meant as a way to reimburse your business for the costs you’ve already had to pay.
- Data restoration: A policy might offer coverage to restore or replace your data, programs, and software destroyed by a hacker, denial of service (DDoS) attack, or a virus, as examples.
- Income loss: You might have coverage for the loss of income that your business has to deal with and any additional expenses that arise as you’re trying to restore your operations following a cyberattack-induced shutdown. You might have a policy covering losses because your vendor or distributor is affected by a data breach.
- Ransom: Ransomware attacks have gone up around 500% since the start of the coronavirus pandemic, so this particular area of coverage might be of interest to you. If you choose a policy that covers cyber extortion or ransom, it will pay the hacker who breaches your system. You may also have coverage for expenses like the cost of hiring an expert who negotiates with the attacker.
- Costs of notification: When your business is the victim of a cyber breach or attack, you’re obligated to inform key stakeholders and affected people. There are state laws requiring you to let people know when their information is impacted, which can cost money. You might choose a policy that will also cover the cost of providing credit monitoring service to the people affected by your breach.
- Brand and crisis management: The costs of a breach go well beyond the loss of data or the immediate financial repercussions as you may well know. It can be very damaging to your brand, and some cyber policies include provisions for hiring an attorney, public relationships expert or a forensic accountant.
What’s not covered?
As is the case with any type of insurance, there will be exclusions to a cyber liability policy, and you need to read the fine print carefully.
Typical exclusions are bodily injury and property damage, contractual liability, and war and terrorism. You’re probably not going to have coverage that will pay for you to restore your systems to a better level of functionality than they were beforehand, either.
The pros and cons
In the modern and digitally driven era, it’s pretty likely that the pros of cybersecurity coverage and cyber liability insurance will outweigh the cons, but still, as with any business decision, you want to have an idea of the good and the bad.
The pros of coverage include:
- Of course, this is obvious, but you have coverage for a data breach.
- You may have some level of reimbursement for business interruption.
- You can recoup losses due to extortion.
- You may have access to funds for legal support.
It’s not likely to be something that goes unused.
The cons of the coverage include:
- The biggest downside can happen if you don’t fully understand your policy and have adequate protection, maybe even if you think you do. You might believe you are prepared, only to find out you aren’t. For example, only around 64% of businesses have coverage that includes ransomware, yet ransomware might be the top reason you want coverage to begin with.
- It’s not always a good thing to pay the ransom, but that’s a decision that tends to have to be made on a situation-by-situation basis.
- Cybersecurity coverage can be expensive. The string of costly ransomware attacks in recent years has led some premiums to go up by as much as 25%.
- It can be hard to get buy-in for the purchase from some executives and business leaders because they may not fully understand the need for a proactive cybersecurity measure like that.
It’s something that more and more businesses will have to decide on in the coming months and years, but in doing so, they can’t assume complete protection, nor can they skip the fine print. Thinking you have coverage for something and paying a high premium only to find out you’re not covered may end up being worse than not having coverage at all in some cases.