Cyber Liability
You’ve probably read the headlines: large companies are frequently exposed to data breaches, hacking incidents and network failures.
Companies can face hefty fines and expensive legal settlements in such cyber liability cases – not to mention losses resulting from the damage to a brand’s reputation.
But this problem isn’t just for major companies. Your small business could also face cyber risk.
That’s why we have Cyber Insurance coverage, which protects businesses from the increasingly sophisticated and complex threats that are prevalent in today’s tech-driven society.
Read on to find out more about this type of coverage, and if it’s right for your business.
What Cyber Liability Insurance?
Cyber Insurance coverage can cover a broad range of information security-related claims, including data breaches, network failures and media or content liability.
Many small business owners dismiss this insurance as something that only big companies have to worry about. The truth is, however, that there are thousands of small businesses handling sensitive information that could be exposed, leaving them liable to numerous claims. All it takes is one breach, whether it’s as sophisticated as a hacking or as simple as an employee’s laptop being stolen, to cost your business seriously.
Any business that handles sensitive customer information, like credit card numbers, is at risk. If it happens to you, a breach or network failure could wind up costing your small business to the tune of hundreds of thousands of dollars.
Furthering the case for Electronic Data Liability Insurance, most states in the U.S. have laws that make data breach notification mandatory. Notification can quickly become very expensive, especially if you need to communicate with thousands of customers via mail, making this type of insurance an affordable way to comply while mitigating costs. As data breaches become more and more common, this insurance will grow to be just as vital to small businesses as policies that protect them from things like fires, floods and vandalism incidents.
What Are the “Limits” on a Cyber Liability Insurance Policy?
For this type of coverage, first-party coverages are typically offered as sublimits of liability. What this means is that only a small portion of your total policy can be applied to certain cost areas. While historically these sublimits have been small (for example, a $100,000 sublimit for regulatory fines and penalties as part of a $5 million policy), they have recently expanded. In most cases today, your business will be able to apply up to 50 percent of the total policy limit to first-party costs, and some markets will even offer blanket policies with no sublimits. It’s important to read the wording of your policy carefully to ensure you will be covered for all the costs you may incur.
Additionally, there are often time-related limits written into these types of policies. That means your network could have to be down for a certain specified number of hours before business interruption coverage would kick in. If it’s only down for an hour, you’re likely not going to be able to make a successful claim.
In addition to that...
Cyber Insurance coverage protects your small business from a variety of cyber security breach claims and lawsuits. That could range from accidental loss of personal information surrounding customers or employees to online hacking and theft of confidential information (like your customers’ credit card numbers), and even the loss or theft of paper records from your office.
Your policy should cover expenses relating to the investigation of a data breach, the cost of legal counsel, the cost of communicating the breach to customers (including mailings), costs related to business interruption while your network is down and public relations expenses. These policies also cover third-party costs, including their legal defense costs and resulting settlements and judgments, any liability to banks for re-issuing credit cards and notifying customers, and regulatory fines and penalties. You may also want to consider investing in a policy that covers employee privacy liability, in case employee records are exposed.
In addition to data breach coverage, Cyber Insurance covers:
- Media liability
- Network security/failure liability, including both first-party and third-party costs
- Extortion liability
You’ll Know It’s the Right Policy If It Covers:
- Costs to investigate a data breach or security threat
- Notification of data breaches to customers or other legally required parties (like employees)
- Credit card and fraud monitoring services for your customers
- The cost of retaining a public relations agency or consultant for crisis communications and reputation management assistance
- Defense and court costs, as well as resulting settlements and judgements.
How Much Does Cyber Insurance Cost?
Electronic Data Liability Insurance is often added to a Business Owner’s Policy, which can make it more affordable as part of the bundle. However, many small businesses also purchase it separately.
But while simple policies exist, figuring out exactly what coverage your small business needs can still be tricky. Factors that you’ll need to consider include:
- Your business’s size
- Your industry
- Your level of exposure
- Your business model
There are different levels of service you can choose from when selecting a policy. These will affect the cost of Cyber Insurance. For example, some will provide you with a point person who will handle your claims from beginning to end, while others will have you manage claims individually and leave you free to choose which services you want to utilize from a list of suppliers they work with.
Small businesses can implement security controls to reduce their risk and therefore their premiums for this type of insurance. These controls can range from installing advanced security software to implementing internal procedures for handling customer data and providing a virtual private network, or VPN, for remote employees to access company servers. It’s also important for small businesses to conduct regular security audits, as well as train employees on how to protect valuable and sensitive customer information.
Additionally, some policies will offer reduced premiums for each year your business does not have a claim. This can be helpful, particularly when factoring in other expenses, such as the cost of General Liability Insurance.
As businesses become more and more reliant on technology, it’s time to face the fact that data breaches and network security issues are only going to become more prevalent. As a small business owner, you don’t want to get stuck with the bill.
Not only that, but in times of crisis, your immediate actions can make or break your future success. Swift action is necessary to prove to your customers and stakeholders that you’re remedying the situation.
Purchase an insurance policy and rest easy knowing that in the case of a cyber liability incident you’ll be able to focus on what’s most important (repairing your brand’s reputation and its relationship with customers) instead of worrying about how you’ll pay for things like court fees and notification costs.
| Subindustry Name | Number of Purchased Policies | Highest Annual Revenue | Average Annual Revenue | Highest Premium | Average Premium |
|---|---|---|---|---|---|
| Software Publishers | 71 | $54,000,000 | $1,665,823 | $55,500 | $2,296 |
| Management Consulting Services | 32 | $12,000,000 | $254,500 | $41,350 | $711 |
| Custom Computer Programming Services | 20 | $92,000,000 | $734,928 | $35,141 | $1,188 |
| Marketing Consulting Services | 17 | $18,000,000 | $735,557 | $21,523 | $954 |
| Tax Preparation Services | 16 | $1,200,000 | $116,347 | $9,833 | $619 |
| Data Processing, Hosting, and Related Services | 14 | $10,000,000 | $678,559 | $14,500 | $1,421 |
| Computer Systems Design Services | 14 | $16,000,000 | $539,188 | $23,043 | $1,023 |
| Electronic Shopping | 10 | $15,000,000 | $420,806 | $15,896 | $923 |
| Internet Publishing and Broadcasting and Web Search Portals | 10 | $70,000,000 | $987,208 | $16,531 | $1,547 |
| All Other Information Services | 9 | $17,000,000 | $2,450,101 | $17,301 | $3,297 |
Frequently Asked Questions
While there are currently no specific requirements for Cyber Liability insurance, most insurance companies will expect you to report any loss in a reasonable period of time. It is also a good idea to prevent any further loss once you know something has happened.
Data Breach, also referred to as Data Compromise, is a part of Cyber Liability insurance. Data Breach is when electronic data is leaked usually by theft, whether a hacker or a stolen computer. There is usually a sublimit for Data Breach which means once that limit is reached, no more benefits will be paid. Cyber Liability is more geared towards notifying the parties that have been affected by the cyber event.
While phishing is not directly stated as a coverage amount on a Cyber Liability insurance policy, you can find coverage for it under Social Engineering because it is considered deception, impersonation, or fraudulent instruction. This coverage also usually has a sublimit, so be sure to pay attention to all of the limits on the policy.
Yes, and often the insurance company will pay the ransom rather than attempt to fight the person or people who have taken your data, as there is a higher chance of having your data returned unharmed. Check with an advisor.