As businesses have migrated electronically and to online platforms, our interconnected world has made us more efficient than ever.
We process more data than ever before, faster than ever before, to remain more competitive than ever before.
But those benefits are not without risks.
Business infrastructures, networks, customers, and end-users are all subject to an unprecedented level of sophisticated intruders who understand the value of accessing data. We live in a world where the terms hacking, phishing, worms, viruses, ransomware, eavesdropping, denial of service attacks, and other similar illicit actions are commonplace.
Big breaches get the headlines.
For example, in 2017, Equifax was hacked, and nearly 148 million consumers’ names, Social Security numbers, birth dates, addresses, and driver’s license information were stolen.
But every business, big or small, is at risk.
Although firewalls, intrusion-detection systems, cryptographic enhancements, antivirus and anti-spam software, and other countermeasures solve many of these problems, there is still a real and credible threat to the cyber frameworks of businesses.
In short, the target keeps moving, making it impossible to create a perfect cyber-security environment.
Still, as a business owner, you need to do everything you can to protect your critical information and minimize your financial vulnerabilities if you are a cyber information victim.
That’s why you should consider cyber liability insurance.
What is Cyber Liability Insurance?
Cyber liability insurance covers financial losses resulting from cyber events that negatively impact your business.
These impacts may include intentional cyberattacks or other tech-related risks. Coverage can protect business owners from lawsuits following an attack or costs associated with privacy and security investigations that can disrupt a business’s normal course of activities.
Cyber liability insurance can also cover legal services to help meet state and federal regulations, including notification expenses to affected customers following a cyber compromise event. State and federal agency regulatory fines are also generally covered as well as lost income from network outages.
It is recommended for most larger businesses, but small businesses, depending on the nature of their goods and services, can benefit from this type of coverage as well.
Policies vary from insurer to insurer, and most policies are flexible and can be customized depending on your needs.
Also, most policies include first-party and third-party coverage.
Here’s what that means.
First-Party vs. Third-Party Coverage
First-party coverage insures against loss to your data or income or loss of any other aspect of your business as a direct result of a cyber-attack. This may include:
- Loss of funds from theft or fraud.
- Loss of income and costs if your business activities are interrupted.
- Legal, technical and forensic services. Business owners may retain these services to determine if a breach has taken place, the extent of the breach, and how to fix the problem.
- Cyber extortion costs such as when a hacker enters your computer system and threatens to damage your data, introduce a virus, or initiate a denial of service attack unless you pay a ransom.
- Replacement costs for the physical damage to business computer hardware and software.
- Investigation costs related to threats toward your business for future data breaches.
Third-party coverage insures your business against losses that third parties associated with your business have incurred due to a directed cyber event. This may include:
- Coverage for lawsuits or settlements resulting from a data breach.
- Coverage against claims for negligent acts, errors, or omissions.
- Cost to respond to government queries into cyber attacks. This can be especially important if there is a need to retain legal, technical, or forensic professional support.
- External communications costs (notifying customers, clients, employees, etc.)
- Public relations, advertising, or crisis management responses from the data breach.
- Liability costs associated with a breach of employee or customer privacy.
- Ongoing costs for credit or fraud monitoring.
The Difference Between Cyber Liability and Data Breach Insurance
If you’re considering cyber liability insurance, you probably should be aware that there is a difference between that kind of a policy and a data breach insurance policy.
They’re similar, and both offer some of the same benefits, but they have certain limitations as well.
Data breach insurance helps your business respond if there is a PII loss (Personal Identifying Information) or PHI (Personal Health Information). This may happen if a hacker breaks into your network or an employee accidentally loses their laptop containing sensitive information.
Data breach insurance will help pay for notifying customers, employees, and other impacted parties. This can extend to hiring a public relations firm to manage crisis communications and messaging. It also provides coverage so that you can offer credit monitoring services to potential data breach victims.
Policies can be enhanced by adding riders such as business income and extra expense coverage, prior acts coverage, and extortion coverage for times when your data may be held for ransom.
As you can see, there’s overlap, but you should at least be aware that both types of policies exist. Be sure to question your insurer if they carry both so that you fully understand the coverages and exclusions.
How Much Does Cyber Liability Insurance Cost?
The short answer is…it depends.
There are several variables to consider when putting together a policy. These include:
- Coverage limits. The more complex your coverage needs are, the more you’ll have to pay. If you store a lot of data, or you’re a larger, more established business with multiple servers or other data points of contact, you’ll pay more.
- Your industry. If you run your business primarily online and face more threats, you’ll be deemed a more significant risk and pay a higher premium. Healthcare and accounting businesses tend to store the most sensitive and private information, so they are also considered at more risk and will also pay more for coverage. Companies that also engage in many credit and debit transactions or store personal information such as Social Security numbers or birth information are considered to be at more risk.
- Who has data access? If you limit who has access to your electronic records, perhaps only to senior employees or other restricted classes of employees, you’ll be considered less open to breaches, and your premium should be less.
- Existing data security measures. Just like a good driver policy, if you already have things like antivirus software or network firewalls in place, you might be able to negotiate a lower premium.
- Claims history. If you have a bad track record of data security, and that’s reflected by claims you’ve made in the past, you might be subject to a higher premium.
According to insurance industry statistics, in 2019, the average cost of cyber liability insurance in the United States was estimated to be $1,501 per year for $1 million in liability coverage, with a $10,000 deductible.
The average annual premium for a cyber liability limit of $500,000 with a $5,000 deductible was $1,146. The average annual premium for a cyber liability limit of $250,000 with a $2,500 deductible was $739.
You’ll need to check with your carrier to define your needs so that you can get an accurate quote for your unique situation.
If you want to do some research, start by talking with your insurance agent who will provide valuable advice and answer questions you’re sure to have regarding coverage and costs.
You can also do some digging online on your own. Take a look at some of the industry leaders who offer cyber security insurance such as AIG, Travelers, The Hartford, Liberty Mutual, and others.
As cyber security insurance becomes more of a mainstream business issue, there are several general insurance industry articles that are excellent sources of information as well.