Small Business

Cyber Liability Insurance

 What Is Cyber Liability Insurance?

Cyber liability insurance covers financial losses that result from data breaches and other cyber events. Policies vary widely because most insurers that offer cyber coverage use forms they’ve developed themselves. Many policies include both first-party and third-party coverages.

Many small businesses use computers to send, receive, or store electronic data. Important data may be contained in sales projections, tax records, contingency plans, and other company documents. If such information is lost, damaged, or stolen due to a security breach, it may be difficult and costly to restore.

A data breach can also trigger third-party claims or lawsuits if it involves personally identifiable information such as social security numbers, health records, and credit card numbers. Businesses can protect themselves against the costs associated with data breaches by purchasing a cyber liability policy

Coverage for Costs of a Breach

Here are some first-party coverages you are likely to find in a cyber liability policy. These reimburse the business for costs it’s already incurred.

• Data restoration: Covers the cost to replace or restore electronic data, programs, or software damaged or destroyed by a hacker attack, a virus, denial of service (DoS) attack, or other covered peril.
• Loss of income and extra expenses: Covers income losses sustained by a business and extra expenses it incurs to restore its operations following a shutdown caused by a computer virus, hacker attack, or other covered peril. Some policies cover income a business loses because a supplier, distributor, or other company that it depends on has been forced to shut down due to a data breach.\
• Cyber extortion: Covers a ransom paid to a hacker who’s breached a company’s computer system and threatened to commit a nefarious act like damaging data, introducing a virus, initiating a DoS attack, or releasing confidential data unless the ransom is paid. Policies generally cover any extortion payment made with the insurer’s consent plus related expenses, such as the cost of hiring an expert to negotiate with the extortionist.
• Notification costs: Covers the cost of notifying parties whose data has been affected by a data breach. This coverage is important because most states have laws requiring businesses to inform individuals when their personal information has been compromised.1 Policies may also cover the cost of providing credit monitoring services and establishing a call center.
• Crisis management: Most cyber policies afford some coverage for crisis management expenses. Depending on the policy, coverage may include the cost of hiring an attorney, forensic accountant, computer expert, or public relations expert to assess the scope of the damage, determine whose data was compromised, help mitigate the loss, and protect the company’s reputation.

Coverage for Claims and Lawsuits

Many cyber policies include liability coverages like those outlined below. These coverages are usually claims-made. They typically cover damages or settlements plus defense costs, which may be covered within the limit or in addition to the limit.

• Network security and privacy liability: Covers claims against the business arising from negligent acts, errors, or omissions such as the failure to protect sensitive data, the failure to provide notification of a data breach, or the failure to prevent a security breach that results in a DoS attack or the introduction of a virus.
• Electronic media liability: Electronic media liability insurance covers lawsuits against the business for acts like libel, slander, defamation, copyright infringement, invasion of privacy, or domain name infringement. Generally, these acts are covered only if they result from the policyholder’s publication of electronic data on the Internet.
• Regulatory proceedings – Covers fines or penalties imposed on the business by regulatory agencies that oversee data breach laws. Also covers the cost of hiring an attorney to help respond to a regulatory proceeding

What about Ransomware?

Ransomware is a type of malware attack that encrypts a victim’s files so they can’t access their information, effectively holding their data for ransom. The hacker usually asks for payment in order to restore access and decrypt the user’s data.