What is Cyber Liability Insurance and Why is It Important?
To some degree, so much of business is done online these days. You may not be a technology-centered organization, but even a small brick and mortar business most likely has some electronic data. This has increasingly allowed efficiencies, speed, and convenience — but has also posed threats to cybersecurity. That is why it's in every business's best interest to not only examine and optimize their cyber- security best practices, but also have a solid cyber security insurance policy to help manage cyber risk.
What is Cyber Liability Insurance?
Cyber liability insurance is a policy that offers coverage to help protect the company in the event of data breaches and other cyber security issues. A policy generally covers financial losses arising from data breaches, viruses, hacking, denial of service, cyber extortion, and other cyber incidents. These include legal fees stemming from civil suits, regulatory fines and penalties, and mandatory forensic examinations.
A cyber liability policy also protects you beyond the basics of general liability insurance, which does not protect against cyber attacks and data breaches.
Who Needs Cyber Liability Insurance?
All businesses can benefit from a cyber insurance policy. For example, businesses that sell online — a process which involves maintaining and storing sensitive data such as personally identifiable information, credit card numbers, and contact information — need to consider a policy, since a breach could mean lost sales, furious customers, and other negative impacts down the road. Beyond e-commerce businesses, if your organization stores and manages any type of data online, a cyber liability insurance policy offers an additional layer of protection in the event of a data breach. Consider confidential employee information or important customer details, just to name a few: this information is too important to a business to not have cyber liability insurance.
What Does and Doesn't Cyber Liability Insurance Cover?
When researching cyber liability coverage options, an important step is understanding what does cyber liability cover and exclude.
A cyber liability policy protects businesses from claims and expenses (including loss of income, related expenses, and damage to your company's reputation) resulting from a data breach, hacking or cyber attack. Depending on the policy you choose, cyber liability insurance coverage generally includes:
- Coverage of all devices that could be stolen or lost (mobile phones, laptops, tablets)
- Protection if you’re a victim of hacking and viruses
- Liability for slanderous blog content
- Data corruption and/or theft
- Crisis management (public relations assistance, brand-rebuilding efforts)
Many cyber security policies do not cover:
- Preventable security issues, such as poor configuration management or mishandling digital assets.
- Incidents that occurred before the policy went into effect.
- Acts initiated and caused by the insured.
- Infrastructure failures not caused by a purposeful cyber attack.
- Costs incurred to improve cyber security after an attack or breach has already happened.
- Loss of or damage to property (e.g., physical assets covered by property insurance).
- Other expenses beyond the coverage limits of the policy.
Why is Cyber Liability Insurance Important?
Cyber liability insurance may not be the first thing that comes to a business owner's mind when they are contemplating insurance coverage for their company. However, any quick glance at the news demonstrates the increasing threat of cyber attacks, ransomware, and data breaches on not just big-name corporations, but on businesses of all sizes across the U.S. In fact, more than 70% of cyber attacks target small firms, and the cost of recovery can force an organization out of business.
Consider these potential threats to your business:
- A breach of your social media account
- The leaking of confidential client information
- Compromised data security due to employee errors
- Identity theft, computer virus, or phishing scams
Any of these cyber attacks can have a devastating effect on a small business. Hackers who gain access to sensitive customer information (Social Security numbers, credit card numbers, home addresses, etc.) can wreak havoc on those individuals' lives. As if that isn't bad enough, hackers can also siphon off a business's capital and ruin the owner's credit. If you're asking yourself if cyber liability insurance is worth it, think of the potential costs that would be associated with fixing any of those potential threats on your own.
Most traditional business insurance policies don't cover the range of expenses incurred by a cyber attack, such as:
Interruption of Business Operations
A business that gets hacked generally must shut down for an unspecified period of time to investigate how the attack occurred and the extent of data compromised (which may require hiring experts to analyze and recover lost information). This can entail days or even weeks of lost revenue — not to mention a further loss of sales due to bad publicity and a drop in customer confidence.
Customer Notification and Discounts
Time and effort are involved in notifying customers of a data breach, as well as devising offers of discounts or credit card monitoring to placate these customers and hopefully retain their future business.
Any response to a cyber attack will likely involve a system-wide overhaul of security (new software and infrastructure, training staff in new procedures, etc.). Also, many merchant service arrangements stipulate that the business owner is liable for the costs of a forensic investigation, reissuing of credit cards, and other related costs.
Depending on the size and scope of a business, it may be necessary in the wake of a cyber attack to hire a crisis management firm to help rebuild the damaged brand.
The scale of potential damage is more than most small businesses can sustain without proper insurance coverage. The 2021 Hiscox Small Business Cyber Risk Report found that many businesses experienced more than one cyber attack in the past year, and 1 in 6 businesses said an attack threatened their survival. For these reasons alone, cyber liability insurance is well worth considering for your business, both as part of a comprehensive information security plan and in tandem with your regular business insurance and employment liability policies.
Choosing the Right Cyber Liability Insurance
As with any insurance coverage, policies differ in what may be covered. Cyber liability insurance assists with preventive and risk management policies, as well. The right carrier will help you create the best possible firewall protection, tailor appropriate social media policies, offer business interruption protection, and cover legal fees incurred by judgments or settlements. Start by contacting an insurance representative to determine if they offer this type of coverage, or speak to an independent agent who's knowledgeable in this area.
It's difficult to overstate the importance of protecting the data stored and used by your business, as well as the trust of your customers. A customized cyber liability policy may make the difference between recovering from a cyber attack and losing everything you've worked so hard to establish.
Insurance sold and serviced by Paychex Insurance Agency, Inc., 150 Sawgrass Drive, Rochester, NY 14620. CA License 0C28207.