Like many businesses, your firm uses computers, a network, and portable devices to send, receive or store electronic data. Such data includes client communication, billing, confidential personal and corporate documents, tax records and other information owned by your business or clients. If the data is lost, stolen or damaged due to a security breach, it could be very costly to replace or restore.
Your computer system also contains sensitive data that belongs to other parties such as customers, employees or vendors. If the data is lost or compromised by a hacker while in your care, custody, or control, the owners might sue your company for damages. Your firm could also incur substantial notification expenses. States have privacy laws requiring businesses to inform individuals whose personal information has been compromised in a data breach. You can protect your business against the costs associated with data breaches by purchasing a cyber liability policy.
What Is Cyber Liability Coverage?
Cyber liability insurance covers financial losses that results from data breaches and other cyber events. Most cyber policies include both first-party and third-party coverages. Some coverages may be included automatically while others are available to be purchased separately or by endorsement to the policy.
First-party coverages pay expenses your firm directly incurs as result of the breach, such as the cost of informing your customers, business interruption, and/or system damage and data recreation. Third-party coverages apply to claims against your firm by people or companies that have been injured as a result of your actions or failure to act. For instance, a client sues you for negligence after their personal data is stolen from your computer system and released.
First Party Coverages
Here are the types of first-party coverages you are likely to find in a cyber liability policy. These coverages may be subject to a deductible.
- Loss or Damage to Electronic Data – Covers the cost to replace or restore electronic data or programs damaged, destroyed or stolen in a data breach, whether the data belongs to your firm or someone else. Losses must result from a covered peril such as a hacker attack, a virus, or a denial of service attack. Policies will many times cover the cost of hiring forensic experts or consultants to help preserve or reconstruct data.
- Loss of Income & Extra Expenses – Covers income losses you suffer and extra expenses you incur to avoid or minimize a shutdown of your business after your computer system fails due a covered peril. Some policies cover contingent or dependent business interruption losses. These are income losses you sustain when your network provider’s system or vendor has been breached.
- Cyber Extortion & Ransomware – Applies when a hacker breaks into your computer system and threatens to commit a nefarious act like damaging your data, introducing a virus, initiating a denial of service attack, or releasing confidential data unless you pay a ransom. Coverage typically extends to any extortion payment you make and expenses you incur in responding to the demand.
- Notification Costs – Covers the cost of notifying parties (voluntarily or as required by law) affected by a data breach. May also include the cost of providing credit monitoring services and establishing a call center.
- Damage to Your Reputation – Many policies cover costs you incur for marketing and public relations to protect your company’s reputation following a data breach. This coverage may also be called Crisis Management.
Every cyber liability policy has unique terms that are explained in the Definitions section. To understand the policy, you need to know what those terms mean and refer to your own specific policy.
Third-Party Liability Coverages
Coverage typically applies to damages or settlements that result from covered claims as well as the cost of your defense from claims brought by an outside third party for their alleged loss. Note that defense costs may reduce the limit of insurance.
- Network Security & Privacy Liability – Covers claims against your firm for negligent acts, errors or omissions that result in a denial of service attack, unauthorized access, introduction of a virus, or other security breach of your computer system. Also covers claims alleging you failed to properly protect sensitive data stored on your computer system. The data may belong to customers, clients, employees or other parties.
- Electronic Media Liability – Electronic media liability insurance covers lawsuits against you for acts like libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement. Generally, these acts are covered only if they result from your publication of electronic data on the Internet.
- Regulatory Proceedings – Covers fines or penalties imposed on your firm by regulatory agencies that oversee data breach laws. Also covers the cost of hiring an attorney to assist in your response to a regulatory proceeding.
Cyber Crime Coverages
In protecting your firm, it is imperative to not only purchase coverage to protect from loss or data and system damage but to provide coverage for theft of money and securities. Similar to the coverages surrounding loss of data, cybercrime should cover both your firm’s loss and certain losses by a third party or clients connected with your firm. Many cyber policies can be purchased without cybercrime coverages, so it is important to request crime coverage be included on your cyber policy.
Coverage should include funds transfer fraud, computer fraud, social engineering, phishing, invoice manipulation, telecommunications fraud, client funds held in your control, and/or the diversion of third-party funds. Carriers will put a sub-limit on the crime coverage reducing coverage for crime so ask for the maximum limits as these limits are typically negotiable.
Conclusion
Cyber liability policies protect your business from claims and expenses resulting from a data breach. Policies aren’t standardized and contain unique terminology, definitions and coverages that can be amended or changed. Most policies are flexible in many areas and can be customized to fit your business. If you need help navigating a policy, ask your agent or broker for assistance.
