Information technology provides us with many conveniences. We can bank and shop online, keep track of inventories in real time, plan routes using online maps, and store our medical profiles in the cloud for convenient yet secure access. In short, our ability to process, store, transmit, and receive data facilitates life and commerce as we know them today.
However, since we’ve become so reliant on data, we are vulnerable whenever it is compromised (e.g., falsified electronic records), lost (e.g., accidental deletion), or stolen (e.g., proprietary files copied by bad actors). If any of these three things happen, you’ll likely incur one or more of the following costs:
- Restoration or replacement services for lost data
- Liability for damages to third parties
- Media placements for notifying the public of confidential data releases
The need for cyber liability insurance
As with most risks that can potentially cost individuals or organizations a fortune, insurance companies have developed a category of policies to cover these costs: cyber liability insurance. Cyber liability coverage might sound like an extravagance to business people who are unaware that even some of the most powerful tech companies can suffer data breaches, but we trust that you know better.
With hackers becoming more devious and more vulnerabilities being discovered by the day, it’s next to impossible for even the most sophisticated firms to be 100% data breach-proof. And, more often than not, smaller companies can’t afford anything more than basic data security measures. Cyber liability insurance is, therefore, a safety net that will protect you from any financial losses caused by data-related incidents.
What is covered?
Cyber liability insurance can generally be classified into two types: first-party and third-party. The former covers losses your company may suffer as a direct result of a cyber event, such as human error, server damage from malfunction, fire, or natural disaster. The latter covers claims made against you for damages caused to others, either by your actions (e.g., improper storage of credit card numbers) or inaction (e.g., negligence in implementing a backup and disaster recovery plan).
Most policies include both types of insurance and have specific clauses for the risks and perils they cover.
Usual inclusions in first-party coverage
- Data loss, theft, or corruption – The policy will cover the costs of restoring data when possible after an adverse event, including the fees for outside consultants and experts hired to perform these tasks.
- Lost income or additional expenses – Disruptions to your computer system can result in lost revenue, as well as extra expenses for countering the present disruptor and preventing future ones. The policy will cover such losses.
- Cyber extortion losses – Hackers can infiltrate computer systems, lock you out of your data, or threaten to destroy it unless you pay a ransom. A policy can cover the cost of these and other denial-of-service (DOS) attacks, which may include paying off the hacker.
- Costs of notifications and damage mitigation – Data regulations may require you to notify all parties affected by a data breach. This can incur costs ranging for attorney fees, media placements, and even setting up a victim call center, which the policy will cover.
- Crisis management costs – A data breach can severely tarnish the perceived trustworthiness of your company. Therefore, some policies cover the costs of public relations and marketing efforts that are geared toward restoring your firm’s reputation.
Usual liabilities covered in third-party coverage
Third-party coverage pays for defending your firm against stakeholder claims and for settlements for damages resulting from such claims. Here are the most common liability insurance policies:
- Network privacy liability insurance – Covers lawsuits concerning the failure to protect sensitive third-party data held in your computer systems
- Network security liability insurance – Covers claims pertaining to data breaches or the inability of authorized parties to access data in your system (which may result in breaches of service level agreements)
- Electronic media liability insurance – Covers slander, libel, defamation, copyright infringement, and other claims resulting from you publishing electronic data on the internet
- Errors and omissions liability insurance – Covers claims arising from flaws or missing components in digital products (such as program code) resulting from professional services (such as software development).
There are many other types of cybercentric coverage, such as those that apply to funds transfer fraud, identity theft, and other cybercrime. Some firms even specialize in crafting policies that are tailored to businesses in industries such as finance and healthcare.