Employment Practices Liability Insurance
Employment practice disputes have become one of the fastest-growing sources of litigation. In the event an employee brings charges against a company, Employment Practices Liability Insurance (EPLI) can help mitigate an employer’s financial exposure. Paychex Insurance Agency makes obtaining EPLI insurance easy.
What Is Employment Practices Liability Insurance Coverage?
An EPLI policy is a type of business insurance that helps to cover company losses associated with employment claims. EPL insurance provides your organization with the protection it needs when responding to allegations of wrongful employment practices.
What Does EPLI Insurance Cover and Not Cover?
Several factors affect a company’s risk level, including the type and size of the business. Our licensed insurance agents will assist you in understanding and assessing your specific risk level and will help you secure employment practices liability coverage that meets your needs.
What Can Be Covered by Employment Practices Liability Insurance:
- Discrimination claims
- Sexual harassment claims
- Wrongful termination claims
- Retaliation claims
What May Not Be Covered by Employment Practices Liability Insurance:
- Illegal profit
- Criminal acts
- Claims regarding layoffs or the restructuring/downsizing of your business
What You Get With EPLI Through Paychex Insurance Agency
Compare affordable quotes from nationwide carriers, matching features and affordability to the needs of your business.
Communicate with Carriers
Paychex representatives are always available to assist in communicating with insurance carriers.
Combine key business policies for stronger coverage at reduced rates.
Paychex Insurance Agency Partners With Top Carriers
Paychex Insurance Agency has partnered with leading national insurance carriers to offer your business comprehensive coverage at a competitive rate. Our relationship with these insurance carriers assures you a competitive rate and comprehensive coverage.
Business Insurance to Meet Your Needs
Paychex Insurance Agency offers a wide range of business insurance policies to help protect your business and employees from costly claims and losses.
One Place for All Your Insurance Solutions
As a top 100 insurance agency*, we’re your single stop for property and casualty, health and benefits, and benefits administration. Find out more about what Paychex Insurance Agency can offer you, your business, and your employees.
Employment Practices Liability Insurance FAQs
What may not be covered by employment practices liability insurance?
Typically, things like fraud, illegal profit, criminal acts, and claims regarding layoffs or the restructuring or downsizing of a business are not covered by employment practices liability insurance.
Is Employment Practices Liability Insurance the same as workers’ compensation?
No, EPLI coverage helps protect against allegations of wrongful employment practices, while workers’ compensation offers coverage for medical expenses and lost wages for employees who experience a work-related injury or illness.
Is Employment Practices Liability Insurance the same as general liability insurance?
No, EPLI coverage helps protect against allegations of wrongful employment practices, while general liability insurance helps protect your business from claims of bodily injury or property damage that arise during normal business operations.
Do small businesses need Employment Practices Liability Insurance?
With employment practice disputes on the rise, employment practices liability insurance can help mitigate an employer’s financial exposure.
Recommended for You
As the calendar flips its last page of 2022, it’s safe to say the word businesses heard most this past year was “inflation.” The good news is that November marked the fifth consecutive month the rate slowed in the United States, down to 7.1 percent, its lowest since January (7.5%) and an improvement over June’s 9.1%.
According to the U.S. Bureau of Labor Statistics, the slowdown in inflation can be attributed to a decrease in energy costs for gasoline and electricity, although food and shelter indexes rose. Rates remain higher than economists and businesses would like, but the reprieve was welcome.
Looking to 2023, additional challenges to plan for include potential legislation and government regulations on business that could impact how to classify workers, pay workers, and provide paid time off for workers.
Hundreds of in-house compliance professionals at Paychex compiled a list of regulatory issues that could impact businesses the most in 2023 to help employers and HR personnel prepare for what could be coming down the road. Regulatory issues are those that involve any interaction with a regulatory authority (e.g., federal or state department of Labor, the Internal Revenue Service) or compliance with regulatory requirements from such government agencies.
What are examples of regulatory issues? Here are the top issues Paychex identified for 2023:
Small Business Funding
Despite the absence of any new federal programs, businesses can still take advantage of the opportunities to find funds for their business, including some that have carried over from the COVID-19 pandemic. Some of these funds exist as tax credits such as the Employee Retention Tax Credit (ERTC). Businesses that paid qualified wages to keep employees working from March 12, 2020 through Sept. 30, 2021 (and for some certain businesses identified as Recovery Startups, wages could be paid through Dec. 31, 2021) have until either April 15, 2024 (for three quarters of 2020) or April 15, 2025 (for all eligible quarters of 2021) to file amended returns and retroactively claim the credit.
Businesses have received anywhere between tens of thousands to hundreds of thousands – even millions – of dollars in credit to infuse back in their business as they continue to recover from the financial challenges created by the pandemic.
Legislation in 2021, particularly the Inflation Reduction Act, doubled the maximum amount of the Research and Development Tax Credit, giving businesses in tax year 2023 a chance to claim up to $500,000 annually for qualified research activities.
Some states also continue to sponsor programs that enhance funding efforts to help businesses, including 48 approved State Small Business Credit Initiative programs. The U.S. Treasury has pumped millions of dollars into each state to augment capital access programs, loan guarantee programs, and venture capital programs. Most of these initiatives are to support underserved communities that have had challenges in securing funding.
Businesses also should do their due diligence in researching state and local avenues of funding, including industry-specific opportunities.
The U.S. Department of Labor (USDOL) reported in 2020 that women across all categories earned only 81% of the annual earnings made by men. Pay equity continues to be a topic of discussion at the state and local level – even in 2022, with movement on getting more legislation passed expected in 2023. The goal of pay equity is to close the pay gap; pay equity is also a strong recruitment and retention tool.
As of late 2022, seven states and several local jurisdictions have laws that require employer transparency, including amendments in Rhode Island, Washington, and California that take effect in 2023. Covered employers in these states must follow requirements that might include posting pay ranges on job postings and/or providing pay scales to candidates and existing employees who apply for open positions to remain compliant with this regulatory requirement.
Another more prevalent way states and localities have been addressing pay discrimination is the adoption of salary history bans, which generally prohibit an employer or hiring manager from inquiring about a job candidate’s pay history prior to an offer of employment or, in some instances, at all. This practice was often used to exclude individuals from a pool of candidates, as well as determine potential compensation, which helped to widen the pay gap between men and women.
As of December 2022, there are 28 states and two territories, including the District of Columbia, that have salary history bans.
As 2023 starts, employers also will need to stay abreast of continued efforts at the federal and state levels to counter discrimination in pay through annual pay data reporting laws intended to mitigate race and gender discrimination in pay.
Employee Classification Guidance
In mid-October 2022, the U.S. DOL published a Notice of Proposed Rulemaking to revise the current guidance on how to determine whether an individual is an employee or an independent contractor under the Fair Labor Standards Act (FLSA). The proposal would rescind the current rule, aligning it with judicial interpretations of FLSA, and implement the multi-factor, “totality of circumstances” analysis. This approach is to ensure that no one factor is pre-assigned more weight than another and that all factors are analyzed before determining an individual’s classification.
With the public comment period completed, the USDOL is expected to issue its final rule in 2023, which would impact businesses’ regulatory compliance. Understand that the rule is only applicable when determining worker classification under the federal wage and hour law, so employers must be diligent in keeping up with compliance obligations regarding the complex tests for determining worker status under the many other federal, state, local, and industry-specific regulations and laws.
This rule could have major financial implications on employers where individuals formerly classified as independent contractors become classified as employees and are perhaps eligible for the employer’s health coverage and retirement benefits.
Encourage Retirement Savings
SECURE Act 2.0 of 2022, signed into law Dec. 29, 2022 as part of the omnibus spending package, provides businesses and their employees with added incentives with their retirement plans.
The law builds and expands upon the Setting Every Community Up for Retirement Enhancement (SECURE) Act, which went into effect in late 2019 to help counter the retirement crisis in the United States.
SECURE Act 2.0 expands eligibility for certain small businesses to qualify for a credit equal to 100 percent of the administrative costs for establishing a workplace retirement plan. Also in 2023, an employer contribution credit is available for eligible businesses based on their employee matching or profit-sharing contributions. Auto-enrollment of employees into a company's retirement plan is mandatory beginning in 2025, which is meant to encourage more individuals to participate in saving for retirement.
Additional changes include an increase in the age to begin required minimum distribution, more opportunities for part-time workers to participate in a plan, and a student loan payment matching option that aims to counter two crises – student loan debt and retirement savings – at the same time.
Paychex compliance professionals also continue to monitor the expansion and implementation of state-level retirement mandates. In 2023, Colorado, Connecticut, Illinois, Maine, Oregon, and Virginia have deadlines for their established plans or scheduled plans to launch their programs. Check out what’s happening in your state.
Wage and Hour Regulations
Based on listening sessions held in mid-2022, it’s anticipated that the USDOL will release proposed changes to the federal overtime regulations. The changes would reflect the current labor market, including an increase in the salary threshold for exempt workers. Paychex will continue to monitor the situation to help businesses navigate any additional regulatory compliance issues that could result from the changes.
At the state and local level, the wage and hour landscape remains active with minimum wage increases taking effect in almost half the states. All but a few of these increases already were scheduled to be implemented, but in Nevada’s case, its two-tiered minimum wage that factored in whether businesses provided qualifying health benefits was put to the voters in 2022. The ballot measure to establish a $12 minimum wage regardless of health benefits offered passed and will take effect July 1, 2024.
In Michigan, the 2023 minimum wage will depend ultimately on the outcome of ongoing litigation.
In certain jurisdictions, the elimination of sub-minimum wage and tip credits is also shaping the narrative around wages.
Businesses must also keep on top of industry-specific regulatory requirements regarding wages and hours worked – especially in the retail, hospitality, and healthcare industries. The pre-emptive move came from California when it enacted the Fast Food Accountability and Standards Recovery Act (FAST Act) in September 2022. The purpose of the law is to establish a council with the authority to set industry-wide standards that promote the health and safety of fast-food workers in the state.
Opponents of the law filed a voter referendum to block it, securing more than the required number of verified signatures by Dec. 5, 2022, to potentially keep the law from taking effect Jan. 1, 2023, and to put it as a ballot measure in the 2024 general elections. Check out what’s happening in your state.
In the absence of any significant movement to adopt a federal paid leave program, further hindered by narrow margins for the majority party in either chamber of Congress, states have become more active in this area. When 2022 began, nine states and the District of Columbia had laws on mandated paid family leave – joined most recently by Maryland and Delaware.
Each state’s program is different, including eligibility requirements, coverage, and implementation dates, but every program is or will be funded through payroll taxes paid by employees. In some cases, employer-paid payroll taxes also will help fund the programs.
On Jan. 1, 2023, New Hampshire begins open enrollment for the country’s first opt-in, voluntary paid family leave insurance program. The Granite State Paid Family and Medical Leave program will be available to employers or directly to employees. The private market plan won’t require an income tax or automatic payroll deduction. Similarly, Vermont announced plans to create the Vermont Family and Medical Leave Insurance program, which also will be a voluntary medical leave program. Benefits will be available beginning in July 2023.
With the growth and continued norm of a hybrid and remote workforce, businesses face new challenges, including the need to adapt privacy policies and cybersecurity practices. These policies and practices should balance the needs of the business against employee and customer expectations regarding the safeguarding of personal information.
No industry or business sector was safe in 2022 from cyberattacks. A quick glance at national and international headlines proved that: the Los Angeles Unified School District had a significant infrastructure disruption. An Australian telecom company suffered the largest cyber breach in the country’s history. Health insurers, educational institutions, and even an IT services consulting company – all hacked.
According to the National Conference on State Legislatures, states continued to introduce or consider cybersecurity legislation, including at least 40 states that produced more than 250 bills or resolutions. However, only a little more than half those states combined to enact 41 of the bills in 2022 – a majority centered on cybersecurity training and funding for cybersecurity programs.
Without a federal privacy law, states have looked to broaden the scope of data protection laws. In step with that, the marketplace has seen a flood of technology solutions designed to assist a business with its obligations. However, businesses need to be mindful that using these solutions might entail new privacy considerations, so it’s imperative to confirm that the solution complies with the rules and regulations of your state and local jurisdictions.
Other Areas of Interest for Businesses To Consider
New Tax Laws: Many states are reviewing potential inflationary adjustments to personal income tax withholding rates, so employers should remain watchful for changes impacting employee withholding tax calculations.
The COVID-19 pandemic forced many states to borrow funds from the federal government to pay unemployment benefits. Employers in states where these Title XII loans are not repaid by Nov. 10, 2023, might owe additional FUTA tax amounts in January 2024. This is commonly known as FUTA credit reduction.
A helpful budgetary practice is to prepare for an additional tax bill if your state doesn’t repay its outstanding loan amount by the deadline. As of December 2022, the following states could be impacted: California, Connecticut, Illinois, and New York.
Hybrid and Remote Work: In the post-pandemic environment, the remote and hybrid model is a workforce structure employers should consider and adapt to, including any compliance obligations that might exist if your employees do not live in the same geographical area as the business. Employment regulations based on an employee’s location can vary state to state and even at the local level.
The laws and even interaction between geographies can be complex, impacting tax considerations such as reporting and remittance, workers’ compensation coverage, paid sick leave, family and medical leave, wage and hour laws, as well as anti-discrimination and pay equity protections.
Healthcare Reform: Covered employers have Employer Shared Responsibility (ESR) reporting obligations under the Affordable Care Act and must ensure the furnishing and filing of timely and correct information returns, especially with increased scrutiny by the IRS. This heightened scrutiny follows the discontinuation of the good faith transition relief from penalties that began in 2021, following several years where businesses were not penalized for incomplete or incorrect returns.
Starting with plan years beginning in 2023, there is a lower affordability rate and a greater risk of an ESR assessment due to the continuation of the Enhanced Premium Tax Credit, so Applicable Large Employers (ALEs) might want to reevaluate employee health contributions to determine if adequate affordable coverage is being offered to full-time employees.
HIPAA Law and Employers: Understanding Your Responsibilities
Does your organization have obligations under HIPAA? If so, you'll need to fully understand current HIPAA law and know what steps to take to protect employees' personal health information.
What Does HIPAA Stand For?
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996.
What Is HIPAA Law and What Does HIPAA Protect?
According to the U.S. Department of Health and Human Services (HHS), HIPAA allows for necessary information sharing to ensure individuals receive access to high-quality health care, while also protecting their right to privacy. Any provider or company with access to protected health information must put measures in place to comply with HIPAA.
Who Does HIPAA Apply To?
Health care is one of the most highly regulated industries when it comes to the protection of private information. Patients and employees have come to expect that medical practitioners and other healthcare companies have adequate measures in place to protect their personal data. Employers may also be subject to privacy regulations that fall under HIPAA if they are considered a covered entity or business associate, or through the administration of a group health plan. Employers need to understand any applicable HIPAA rules — particularly during public health emergencies such as the COVID-19 pandemic — and put the correct tools and protocols in place to protect their employees' health information.
What Are Some Misconceptions About HIPAA Laws and Rules?
There are some myths about HIPAA laws and rules for employers. The HHS sets the record straight on its site that HIPAA doesn't:
- Prevent an employer from asking for a doctor's note for an absence, although this practice may create other exposures for employers.
- Affect your ability to request information needed to administer benefits programs, such as healthcare coverage, workers' compensation claims, or sick leave, although employers should consider other risk factors around these types of requests.
- Cover all employee benefit information. For example, employee life insurance, disability and workers' compensation, and wellness programs are generally not covered under this legislation.
- Cover protection of data maintained in employment records. HIPAA rules for employers only apply to medical or health plan records of employees participating as a member of the company's healthcare plan.
What Is the Purpose of HIPAA Laws and Rules in the Workplace?
HIPAA laws and regulations are used in the workplace to protect the health and medical records of employees participating in an employer-sponsored healthcare plan. The laws regulate how individuals' protected healthcare information maintained by a healthcare plan can be shared with employers.
Which Organizations Are Impacted by HIPAA Law?
There are two types of organizations that are subject to HIPAA: covered entities and business associates. Employer-sponsored health plans are considered covered entities. This means that the exchange of information between employers and health plans may be subject to additional safeguards compared to other benefit plans.
What Is a Covered Entity Under HIPAA?
This refers to healthcare organizations, including but not limited to healthcare providers, hospitals, employer-sponsored health plans, and pharmacies.
What Are Business Associates Under HIPAA?
This is a category that refers to any person or business that provides services to or works with covered entities or other business associates. If you perform services on behalf of a covered entity or business associate that involves the use or disclosure of protected health information (PHI), and fall into categories such as service providers (e.g., accountants), consultants, or technical support (like cloud storage), your business associate contract likely contains provisions that relate to HIPAA.
Does HIPAA Law Apply to All Employers?
Due to the complexities of HIPAA regulations, employers are wise to assume that if they possess health information about employees, they will need to spend time ensuring compliance. HIPAA imposes a range of requirements, but the provisions that are relevant to all subject entities pertain to the security and privacy of health-related information. By understanding applicable HIPAA rules for employers, it's possible to identify your potential risks and put a plan into place to help mitigate your exposure.
Although HIPAA's primary intent is to improve the portability and continuity of healthcare insurance plans, employers should still be familiar with the law and potential areas that may affect them. HIPAA compliance for employers can often result in stronger data security and standardized processes that benefit an employer's benefits administration procedures.
What Are Some Common Employer HIPAA Violations?
Reported incidents are generally categorized by the following types:
- Hacking/IT incidents: Improper data access resulting from an outside intrusion in the form of malware or other system break-ins.
- Theft/loss: For example, when devices storing protected health information are lost or stolen.
- Unauthorized access/disclosure: The disclosure of an individual's private information to an entity without proper approval to receive such information.
- Improper disposal: When protected health information is disposed of without the implementation of reasonable safeguards, such as shredding paper documents.
Five Important HIPAA Rules for Employers
There are five rules to pay close attention to in regard to HIPAA law. Employers should consider each of these rules carefully when it comes to compliance.
Privacy and Personal Health Information Rule (45 CFR §164.530)
HIPAA defines PHI broadly. However, some examples of PHI under HIPAA include demographic and contact information, such as a name, address, and a Social Security number that relates to an individual's past, present, or future health status. The definition of PHI also encompasses information related to payments made for the provision of health care.
HIPAA also specifically defines with whom protected health information can be shared. Primarily, covered entities and business associates can share PHI only in the following situations:
- With the person in question for treatment, billing, and healthcare operations;
- With descendants in the case of death;
- To a designated personal representative; or
- In response to a court order.
HIPAA rules require that covered entities provide notice regarding privacy practices and how PHI may be used or shared. The law is very specific regarding patient rights, what must be included, and when information must be presented.
Electronic Security Rule (45 CFR §164.308)
This rule requires physical, technical, and administrative safeguards be put into place to protect individuals' health information. The responsibility is placed on covered entities and their business associates to secure protected health information in electronic form. Organizations are expected to take the necessary steps to ensure privacy, protect against threats, ensure employee compliance, and protect against prohibited electronic uses or disclosures. Compliance is taken very seriously by regulators, with enforcement and penalties ranging up to $50,000 per violation and the potential of enforcement action in egregious cases.
Breach Notification Rule (45 CFR §§ 164.400-414)
Under this rule, covered entities and business associates are required to report any breach that compromises an individual's protected health information. In the event of a breach, proper notification must be made to affected individuals, and copies of the notifications must be submitted by the covered entity to the secretary of the HHS.
Administrative Simplification Regulation (45 CFR 160, 45 CFR 162, and 45 CFR 164)
The Administrative Simplification provisions standardize the electronic exchange of healthcare information. National standards were set for electronic transactions, code sets, and unique identifiers. Employers must use their Employer Identification Number used for tax reporting as their identifier for all HIPAA transactions.
Omnibus Rule (45 CFR § 164.308, 164.312 and 164.316)
This rule expanded liability for business associates and instituted greater penalties for noncompliance. Additional rules prevent certain information from being shared about an employee's health plan when they pay for medical services out of pocket. Companies that may be defined as a business associate will need to understand how their responsibilities have changed and make appropriate adjustments to their HIPAA policies or procedures.
How Does HIPAA Apply to Employers During Events Causing Public Health Concerns?
While HIPAA requirements still apply during public health emergencies, employers may be permitted to disclose PHI to certain individuals or organizations without an employee's or patient's permission. Such examples include:
- At the direction of public health authorities, information may be disclosed to foreign government agencies;
- Individuals at risk of spreading the disease; and
- A patient's family members, relatives, friends, or others involved in the patient's care.
Although HIPAA restricts the sharing and use of personal health information by covered entities and business associates, the law doesn't apply to employment records. Using COVID-19 as an example, the current HIPAA regulation does not prohibit employers from requesting vaccine information from employees. Also, HIPAA doesn't prevent individuals from voluntarily sharing vaccination status in the workplace, as individuals are not considered covered entities.
Employers should note that other state or federal rules may apply. For more information on HIPAA and COVID-19 vaccine employer guidelines, please visit our COVID-19 Vaccine: Frequently Asked Questions.
HIPAA Compliance in the Workplace
HIPAA compliance for employers is critical, whether they are a covered entity or business associate, offer a group health plan, or are operating during a public health emergency. Proactively addressing HIPAA may yield additional benefits for your organization, such as enhanced data security and a more efficient flow of information stemming from the use of standardized procedures and data identifiers.
If your business operates in the healthcare space or contractually works with a company that does, it's important that you determine your HIPAA obligations and risk exposure. An experienced HR professional or business attorney can help you map the risks, as well as develop and implement a plan to stay HIPAA-compliant.
So much of business is done online these days. You may not be a technology-centered organization, but even a small brick-and-mortar business most likely has some electronic data. This has increasingly allowed efficiencies, speed, and convenience — but has also posed threats to cybersecurity. That is why it's in every business's best interest to not only examine and optimize its cybersecurity best practices, but also have a solid cybersecurity insurance policy to help manage cyber risk.
What is Cyber Liability Insurance?
Cyber liability insurance is a policy that offers coverage to help protect the company in the event of data breaches and other cyber security issues. A policy generally covers financial losses arising from data breaches, viruses, hacking, denial of service, cyber extortion, and other cyber incidents. These include legal fees stemming from civil suits, regulatory fines and penalties, and mandatory forensic examinations.
A cyber liability policy also protects you beyond the basics of general liability insurance, which does not protect against cyber attacks and data breaches.
Who Needs Cyber Liability Insurance?
All businesses can benefit from a cyber insurance policy. For example, businesses that sell online — a process which involves maintaining and storing sensitive data such as personally identifiable information, credit card numbers, and contact information — need to consider a policy, since a breach could mean lost sales, furious customers, and other negative impacts down the road. Beyond e-commerce businesses, if your organization stores and manages any type of data online, a cyber liability insurance policy offers an additional layer of protection in the event of a data breach. Consider confidential employee information or important customer details, just to name a few: this information is too important to a business to not have cyber liability insurance.
What Does Cyber Liability Insurance Cover and Not Cover?
When researching cyber liability coverage options, an important step is understanding what cyber liability insurance covers and what it excludes.
A cyber liability policy protects businesses from claims and expenses (including loss of income, related expenses, and damage to your company's reputation) resulting from a data breach, hacking or cyber attack. Depending on the policy you choose, cyber liability insurance coverage generally includes:
- Coverage of all devices that could be stolen or lost (mobile phones, laptops, tablets)
- Protection if you’re a victim of hacking and viruses
- Liability for slanderous blog content
- Data corruption and/or theft
- Crisis management (public relations assistance, brand-rebuilding efforts)
Many cyber security policies do not cover:
- Preventable security issues, such as poor configuration management or mishandling digital assets.
- Incidents that occurred before the policy went into effect.
- Acts initiated and caused by the insured.
- Infrastructure failures not caused by a purposeful cyber attack.
- Costs incurred to improve cyber security after an attack or breach has already happened.
- Loss of or damage to property (e.g., physical assets covered by property insurance).
- Other expenses beyond the coverage limits of the policy.
Why is Cyber Liability Insurance Important?
Cyber liability insurance may not be the first thing that comes to a business owner's mind when they are contemplating insurance coverage for their company. However, a quick glance at the news demonstrates the increasing threat of cyber attacks, ransomware, and data breaches on not just big-name corporations, but on businesses of all sizes across the U.S. In fact, more than 70% of cyber attacks target small firms, and the cost of recovery can force an organization out of business.
Consider these potential threats to your business:
- A breach of your social media account
- The leaking of confidential client information
- Compromised data security due to employee errors
- Identity theft, computer virus, or phishing scams
Any of these cyber attacks can have a devastating effect on a small business. Hackers who gain access to sensitive customer information (Social Security numbers, credit card numbers, home addresses, etc.) can wreak havoc on those individuals' lives. As if that isn't bad enough, hackers can also siphon off a business's capital and ruin the owner's credit. If you're asking yourself if cyber liability insurance is worth it, think of the potential costs that would be associated with fixing any of those potential threats on your own.
Most traditional business insurance policies don't cover the range of expenses incurred by a cyber attack, such as:
Interruption of Business Operations
A business that gets hacked generally must shut down for an unspecified period of time to investigate how the attack occurred and the extent of data compromised (which may require hiring experts to analyze and recover lost information). This can entail days or even weeks of lost revenue — not to mention a further loss of sales due to bad publicity and a drop in customer confidence.
Customer Notification and Discounts
Time and effort are involved in notifying customers of a data breach, as well as devising offers of discounts or credit card monitoring to placate these customers and hopefully retain their future business.
Any response to a cyber attack will likely involve a system-wide overhaul of security (new software and infrastructure, training staff in new procedures, etc.). Also, many merchant service arrangements stipulate that the business owner is liable for the costs of a forensic investigation, reissuing of credit cards, and other related costs.
Depending on the size and scope of a business, it may be necessary in the wake of a cyber attack to hire a crisis management firm to help rebuild the damaged brand.
The scale of potential damage is more than most small businesses can sustain without proper insurance coverage. The 2021 Hiscox Small Business Cyber Risk Report found that many businesses experienced more than one cyber attack in the past year, and 1 in 6 businesses said an attack threatened their survival. For these reasons alone, cyber liability insurance is well worth considering for your business, both as part of a comprehensive information security plan and in tandem with your regular business insurance and employment liability policies.
Choosing the Right Cyber Liability Insurance
As with any insurance coverage, policies differ in what may be covered. Cyber liability insurance assists with preventive and risk management policies, as well. The right carrier will help you create the best possible firewall protection, tailor appropriate social media policies, offer business interruption protection, and cover legal fees incurred by judgments or settlements. Start by contacting an insurance representative to determine if they offer this type of coverage, or speak to an independent agent who's knowledgeable in this area.
It's difficult to overstate the importance of protecting the data stored and used by your business, as well as the trust of your customers. A customized cyber liability policy may make the difference between recovering from a cyber attack and losing everything you've worked so hard to establish.
Insurance sold and serviced by Paychex Insurance Agency, Inc., 225 Kenneth Drive, Rochester, NY 14623. CA License 0C28207.