Get a quote on Cyber Liability Insurance
When you work in the consulting industry, clients often entrust you with critical data about their businesses, which they expect you to keep safe. If a cyberattack or data breach results in lost or stolen data, it could have a major impact on your business. It can be expensive and difficult to restore data, remove viruses, and pay any required regulatory fines. You could be sued for failing to keep a client’s information safe, and in addition to the costs associated with a lawsuit, the damage to your reputation can be significant if the public becomes aware that you were the victim of a hacking incident.
Cyber Liability Insurance exists to provide financial protection from these risks. Although your company may have strong cybersecurity protocols, no system is completely immune to hacking, so there’s always a risk that your business could fall victim to a cyberattack. These costly incidents can severely diminish confidence in your business, and could even halt your business operations for a time if they affect crucial systems. The financial assistance that Cyber Liability Insurance provides can help your company continue operating in these situations.
What is Cyber Liability Insurance for consultants?
Cyber Liability Insurance covers losses and damages that result from cyber events, which could include hacking, data breaches, cyberattacks, ransomware, cyberextortion, denial of service attacks, viruses, and more. As businesses rely more and more on technology and electronic equipment, and as cybercrime continues to be lucrative for criminals, it’s more important than ever to protect your business from these threats. Most general liability policies specifically exclude coverage for cyber events, so it’s crucial to consider Cyber Liability Insurance as part of your business’s risk management program.
Example:
- Your financial consulting company is the victim of a cyberattack, and confidential financial information belonging to your clients is stolen. Your clients sue you for failing to keep their data safe. Your insurer will pay for your legal fees and any settlements or judgments in the case, as well as the costs of hiring outside experts to investigate the extent of the cyberattack and what led to it.
Cyber Liability Insurance is a relatively new type of coverage, and policies can vary widely depending on the insurer. While some insurers will cover phishing scams and other common social engineering fraud schemes that fool employees into giving up passwords or allowing unauthorized access to systems, others will exclude these situations. Coverage also varies for data breaches that aren’t related to cybercrimes, such as a lost or stolen laptop containing confidential information or an employee accidentally emailing private information to the wrong person. It’s important to consult with your insurer to understand exactly what types of claims are covered.
Why do consultants need Cyber Liability Insurance?
Although you may associate cyberattacks and data breaches with large, multi-national corporations like Target or Equifax, the truth is all businesses, regardless of size, can be vulnerable to hacking and cybercrime. In fact, small businesses are generally more likely to be victims of an attack, as they often lack the resources, training, and technical know-how to prevent and address a cybersecurity event.
As a consulting business, you likely work with and store confidential information on your employees as well as your clients, and it’s crucial that you keep this data secure. This is why Cyber Liability Insurance is a key coverage for companies in the consulting industry. If sensitive client data such as financial records or customer information is stolen, lost, or damaged due to hacking or other cyber incidents, your clients could sue you for damages. In addition, the costs of recovering from a cyberattack could be high. You may need to hire outside help to diagnose and address any security vulnerabilities or data recovery efforts, notify impacted customers and provide potential reparations, and invest in marketing to repair your firm’s reputation.
Example:
- Your financial consulting firm suffers a data breach, and customer data, including financial records and bank account information, are stolen. You hire an outside firm to investigate the incident, and you also provide credit monitoring services for impacted customers for a year. These costs are covered by your Cyber Liability policy.
Although your company likely carries other types of insurance, these policies typically will not provide any assistance if electronic data is lost or destroyed. A common misconception is that commercial property insurance would provide coverage for data or electronic files that are damaged or destroyed since technically this electronic data is a form of digital property. However, most commercial property policies specifically limit coverage to physical property and exclude coverage for electronic data.
What does Cyber Liability Insurance cover?
Cyber Liability Insurance covers financial damages and losses resulting from hacking, data breaches, viruses, and other cyber events. Claims are divided into first-party and third-party coverage, and you can choose whether to purchase first-party or third-party coverage or both.
First-Party Coverage
First-party coverage pays for your company’s expenses that are directly caused by hacking or other cyber liabilities. Common examples include:
- Electronic data loss or damage. If a cyberattack or data breach damages or destroys your data, your insurer will pay to recover the data, including the costs of hiring experts to help you restore or repair the data. Some insurers will also pay if data is accidentally destroyed, but others exclude accidental data loss.
- Business interruption. If your consulting business is unable to continue normal business operations due to a cyberattack or data breach, any loss of income can be covered by first-party coverage. You may suffer losses due to an inability to access data or systems and need to devote resources to address the issue that would otherwise have been used to generate income for your business. Note that this coverage would not apply to indirect losses, such as if your reputation was damaged due to a hack and sales were lower as a result.
- Cyberextortion. Cyberattacks may allow hackers to hijack your data, systems, or websites, and hold them hostage until a ransom is paid. This type of cyberextortion can cause a temporary loss of revenue for your firm, and you may suffer additional costs in order to pay a hacker’s ransom or repair any damage that was done. These costs would be covered under first-party coverage.
- Data breach notification. As data breaches and cyberattacks have become more common, states have increasingly enacted regulations to require companies to notify affected parties when a data breach occurs. While not federally mandated, data breach notification laws are managed at the state level, meaning there are different requirements by state on how or when a company must issue a notification. Make sure you consult your individual state mandates to ensure you are in compliance. Costs for data breach notifications would be covered under first-party coverage.
- Reputation management. Being involved in a data breach or cyberattack can have a negative effect on your company’s reputation. Your insurer could pay for a public relations campaign to repair your reputation. It could also aid public relations efforts by paying for credit monitoring services for affected customers.
- Consulting fees. Your company may need to hire lawyers or consultants to investigate the extent of the breach and advise you about any regulations you may need to comply with.
Example:
- One of the employees of your educational consulting firm is fooled by a phishing scam and downloads a virus that spreads to the rest of your computer network, shutting down your systems and delaying several key projects. Your insurer will pay for the costs of hiring consultants to remove the virus and restore any data that was lost.
Third-Party Coverage
Third-party coverage protects your firm if you are sued by clients, customers, or other third parties for failing to protect their data.
- Legal fees. If your business is sued, your insurer will pay for attorney’s fees, court costs, and any resulting judgments or settlements.
- Network security claims. If your clients’ data is stolen, your company could be held liable. Situations such as a data breach, malware, denial of service attack, or unauthorized access to data by a hacker or rogue employee can all leave you open to network security claims.
- Privacy claims. If private data is stolen from your customers or employees, they could sue you for failing to protect their privacy. In addition to data breaches, privacy claims can be caused by loss of physical records and human error. For example, if one of your employees accidentally sends personal data to the wrong person, this could result in a privacy claim.
- Regulatory fees. Your insurer will cover any fines or penalties you’re required to pay. It will also pay for any costs you owe to banks to reissue credit cards.
Example:
- A client hires your market research consulting firm to analyze how their customers’ behavior and buying patterns change over time. Your client provides a large dataset of customer information to work with, which includes personally identifiable data. Hackers break into your network and steal this information. Your client sues you for failing to protect their data. Your Cyber Liability Insurance would cover the lawsuit and any settlements or judgments against your company.
What isn’t covered by Cyber Liability Insurance?
Cyber Liability Insurance is still a fairly new product in the insurance market, and as such, exclusions typically vary a great deal among insurers. Here are a few scenarios that are commonly excluded by insurers:
- Damage to your business reputation as a result of a data breach
- Costs to fortify and improve your internal technology systems
- Lost future sales because customers avoid your business after a breach
- Loss of intellectual property owned by your business
- Damage to your business caused by your own or your employee’s actions. For example, you install new software that causes your network to go down for several days.
It’s important to note that before beginning coverage, some policies require a waiting period—a predetermined period of time during which the insurer would not pay for losses. Coverage would begin after the waiting period passes. For example, if your policy has a waiting period of 10 hours and your website is down for 15 hours due to a network outage, your insurer would not pay for any losses incurred in the first 10 hours.
Are legal fees included in limits of insurance?
Cyber Liability Insurance typically has what is known as “shrinking limits” for legal fees. This means that if your company is sued, your insurer will pay for attorney’s fees, court costs, and any other legal costs, but these costs will be subtracted from the total amount of coverage available to you, reducing the funds available to pay for any settlements or judgments against your company. It’s important to keep this in mind when selecting your coverage.
What are sublimits in Cyber Liability Insurance?
Cyber Liability policies may have sublimits for first-party coverage, which means that the maximum amount of coverage for first-party claims could be less than the overall limits of insurance. For example, your company’s policy could have a $1 million limit of insurance and a $500,000 limit for first-party claims. If your company was held liable for a $900,000 first-party claim, it would have to pay the remaining $400,000 itself.
Does Cyber Liability Insurance have a deductible?
Cyber Liability Insurance policies commonly include a deductible. This is a portion of the cost of the loss that your company must pay before the insurer will begin paying for the claim. Lower deductibles result in higher premiums.
How much does Cyber Liability Insurance cost?
The average cost of Cyber Liability Insurance is about $1,485 per year (about $125 per month) in the U.S. for $1 million in liability coverage. Costs vary depending on a number of factors, including:
- Company size
- Industry
- Location
- Type and amount of data stored
- Security practices and systems in place
- History of prior cyberattacks or data breaches
The following table shows the average cost of Cyber Liability Insurance by state, based on a 2020 study conducted by AdvisorSmith.
State | Average Cost of Cyber Insurance | Difference from National Average |
---|---|---|
Alaska | $1,532.89 | 3.23% |
Alabama | $1,539.40 | 3.67% |
Arkansas | $1,646.50 | 10.88% |
Arizona | $1,581.50 | 6.50% |
California | $1,430.18 | -3.69% |
Colorado | $1,521.67 | 2.47% |
Connecticut | $1,593.62 | 7.32% |
District of Columbia | $1,539.25 | 3.66% |
Delaware | $1,446.47 | -2.59% |
Florida | $1,529.82 | 3.02% |
Georgia | $1,450.54 | -2.32% |
Hawaii | $1,519.46 | 2.32% |
Iowa | $1,505.73 | 1.40% |
Idaho | $1,483.70 | -0.08% |
Illinois | $1,434.59 | -3.39% |
Indiana | $1,484.06 | -0.06% |
Kansas | $1,501.38 | 1.11% |
Kentucky | $1,587.10 | 6.88% |
Louisiana | $1,623.94 | 9.36% |
Massachusetts | $1,380.59 | -7.03% |
Maryland | $1,471.18 | -0.93% |
Maine | $1,467.39 | -1.18% |
Michigan | $1,339.33 | -9.81% |
Minnesota | $1,708.11 | 15.03% |
Missouri | $1,509.00 | 1.62% |
Mississippi | $1,472.55 | -0.84% |
Montana | $1,478.29 | -0.45% |
North Carolina | $1,421.49 | -4.27% |
North Dakota | $1,464.42 | -1.38% |
Nebraska | $1,485.64 | 0.05% |
New Hampshire | $1,431.99 | -3.57% |
New Jersey | $1,615.25 | 8.77% |
New Mexico | $1,355.36 | -8.73% |
Nevada | $1,507.55 | 1.52% |
New York | $1,616.70 | 8.87% |
Ohio | $1,553.68 | 4.63% |
Oklahoma | $1,513.03 | 1.89% |
Oregon | $1,462.50 | -1.51% |
Pennsylvania | $1,466.49 | -1.24% |
Rhode Island | $1,541.58 | 3.81% |
South Carolina | $1,398.83 | -5.80% |
South Dakota | $1,489.45 | 0.30% |
Tennessee | $1,500.20 | 1.03% |
Texas | $1,459.22 | -1.73% |
Utah | $1,515.10 | 2.03% |
Virginia | $1,467.83 | -1.15% |
Vermont | $1,457.70 | -1.83% |
Washington | $1,449.80 | -2.37% |
Wisconsin | $1,523.03 | 2.56% |
West Virginia | $1,629.64 | 9.74% |
Wyoming | $1,426.89 | -3.91% |
Final Word
Cyber Liability Insurance is a crucial coverage for businesses in the consulting industry to consider since consultants often work with confidential information. Even tech-savvy companies with excellent cybersecurity practices could fall prey to a new type of cyberattack. For smaller companies, outside hackers aren’t the only risk. Former or disgruntled employees can also execute attacks as they may have intimate knowledge of security practices and login credentials. Recovering and repairing data can be costly, and the reputational damage that comes with news of a data breach or hack can be difficult to repair. Cyber Liability Insurance can help protect companies from these risks. It can help your business avoid cyber incidents and mitigate the damage if an incident does occur by providing funds to aid in your company’s recovery and deal with third-party claims. If you feel like you need it, check out our reviews of the best cyber insurance carriers to find an option that fits your company’s needs.