Cyber liability insurance
It seems as if every month the news announces a data breach. Most hackers target large companies, such as Target, Home Depot or Experian, but no business is immune from a security data breach. It’s estimated that 40 percent of cyber attacks are targeted at small businesses. Hackers want to access your personal, business or customer financial and personal data to get credit card account information, social security numbers and back account information. Your business trade secrets and intellectual property may also be at risk.
What is cyber liability insurance?
If a hacker does steal information from your system, your company could be liable for cleaning up the problem. You may have to pay to have credit protection for your customers, cover the costs of a lawsuit and may even have to restore your data. These expenses might devastate your company if you aren’t prepared for a data breach.
Fortunately, your business has the option of cyber liability insurance, a policy that is designed to protect your business from different threats, such a sever or network breach, trade secret leaks or privacy leaks. This type of policy covers first-party costs, the direct costs of managing a data breach, and third-party costs, those expenses when someone sues you. The average cost of a cyber attack to a small or medium business is $188,000. Large business may have the financial resources to deal with cyber breach, but most businesses don’t have an extra $200,000 lying around to pay for cleaning up a hack.
What does cyber insurance cover?
Cyber insurance policies can be complex, because they are usually a combination of different components. Depending on your policy terms and riders, your insurance policy can cover things such as:
- Lawsuit damages
- Lawsuit defense costs
- Breach notice costs
- Data restoration costs
- Breach extortion costs
- Forensic investigation of the breach
Cyber liability insurance does not cover items such as reputational harm, loss or future revenue and lost value of your own intellectual property. It won’t cover the expense to improve your internal technology systems.
Your cyber insurance may not cover a client who is infected with a virus from your system. Typically, it is your system that must be impacted. However, your professional liability insurance cover the losses if your system inadvertently crashes a client’s network. You need to talk to your insurance company about the limitations and exclusions of your particular policy. The cyber insurance is constantly evolving to meet the risks that businesses face.
How much cyber liability insurance do you need?
Determining the policy amount depends on many elements. You need to look at your risk profile. If you do business with countries such as Russia and Eastern Europe, you may have a higher risk. Consider what type of data your company holds? Companies that store a lot of personal customer data in their system should consider more insurance than a company that doesn’t keep that information on file.
You should also consider whether your vendors have cyber liability insurance. The Target breach was through one of its smaller vendors, but Target bore the brunt of the costs. Your insurance agent has tools that can help you get a sense of what a breach could cost you based on the size and scope of your business. You might want to consider coverage for acts and omissions by third parties if you outsource any of your business data processing or data storage to another company.
Understand your existing coverage. Some policies you already have may have some protection against cyber risks. When purchasing cyber liability insurance, make sure to understand all the exclusions and limitations. Know the inception date of the policy. You may even be able to purchase retroactive coverage, which would protect you for a breach made prior to the purchase of the policy. Many breaches are not discovered for a long period of time.
If your employees use their own tablets, computers or devices, you may want to consider coverage for those devices. Hackers can access a system through a device that does have a high level of security. You should also ask whether your policy covers a regulatory investigation or action taken by state or federal agencies.
Take advantage of the risk management services offered by your insurance company. By working with a carrier that can help you prevent breaches, you reduce your risk of having to make a claim and use your insurance. If you have an online presence, you have to take steps to protect your business from an online security breach.
Preventative measures your business should take
The internet, apps and other technological advances have made operating a business much easier, but it does open the door to many more risks and challenges. Businesses have to take measure to prevent breaches:
- Use a firewall
- Update hardware and software as needed to keep your system secure
- Update antivirus/anti-malware software
- Have policies in place that outline who has access to company data; don’t forget that cyber threats can come from within as well as outside the company
- Have encryption software
- Audits of your system
- Employee training
Your business should also know what to do in the event of a data breach. Trying to fix it without the help of experts may damage the evidence. Having a procedure in place when a breach occurs can limit the chaos and stress and keep everyone on task to prevent even more damage.
Cyber security is important in today’s marketplace
A cyber attack can cost your business thousands of dollars in lawsuit costs, defense expenses and lost revenue, and it will most certainly result in lost customers and could damage your reputation. Cyber liability insurance is not only about preventing financial loss, but also about preventative measures that prevent an attack.
The cyber liability insurance market is changing with today’s technology. At one time, it was simply an errors and omissions component for technology companies, but today, it is a robust offering with up to $300 million in coverage for businesses. It’s time to make sure your company has the protection it needs against cyber threats.