Get a quote on Cyber Liability Insurance
Most modern businesses rely on technology to store and manage important data. As a result, most companies have some level of cyber liability, and it’s important to consider what impact a cyber attack or data breach could have on your business. It’s particularly necessary for businesses in the IT industry to be prepared for cyber risks since they often deal with large amounts of important data.
What is Cyber Liability Insurance?
Cyber Liability Insurance covers liability and property losses stemming from a data breach, cyberattack, or other cyber event. It’s common for IT firms to store customer information, including contact information or credit card numbers, and this presents businesses with the challenge of keeping that information safe and private.
Cyber Liability typically covers common cyber risks such as data breaches, hacking, ransomware and cyberextortion, denial of service attacks, and viruses. Because Cyber Liability Insurance policies vary widely between insurers, other forms of cyber mishaps, like social engineering fraud and phishing schemes, may be covered depending on the insurer. It could also provide coverage for data breaches that aren’t associated with cybercrimes, such as an employee accidentally emailing confidential data to the wrong person, or a lost or stolen laptop containing private information.
Example:
- Computer hackers access your telecom installation company’s customer records, stealing the credit card information and passwords of hundreds of customers. Your Cyber Liability Insurance will pay for the losses incurred due to the cyberattack, including lost income, data recovery, and credit monitoring services for those customers affected.
Why do IT professionals need Cyber Liability Insurance?
If your company stores employee or customer data such as Social Security numbers, credit card numbers, or health records, it’s a good idea to protect yourself with Cyber Liability Insurance. Although small companies may believe they are less at risk than larger corporations, they can actually be a common target for hackers. Smaller companies typically have fewer resources to devote to cybersecurity compared to larger companies, and they may not be able to prevent attacks effectively or detect problems quickly.
Protection against cyber risks is especially crucial for companies in the IT industry, since they rely on electronic systems and are likely to store electronic data. Additionally, IT companies are likely to work in networked environments. They typically use the internet as part of their work and often have a large number of computers and devices linked on their own private network. This means that if a virus infects one of the company’s computers, it could spread through the entire network, which could have a devastating effect on their business.
When deciding whether to invest in Cyber Liability Insurance, it’s important to understand that other common types of insurance typically do not cover electronic data. Commercial property insurance only covers physical property and does not include coverage for electronic data. Professional liability insurance for the IT industry may include coverage for third-party cyber liabilities that result from errors or omissions in your professional work, but this does not cover cyber losses your own business may suffer and the resultant recovery costs.
Example:
- Your IT consulting company suffers a denial of service attack that causes a loss of key customer data. Your insurance will cover the costs incurred when you hire consultants to help you restore the lost data, as well as compensation for lost income because your sales team was unable to effectively sell without the data.
What does Cyber Liability Insurance cover?
Cyber Liability Insurance covers liability and property losses resulting from hacking, data breaches, viruses, and other cyber events.
Cyber Liability Insurance claims fall into two basic categories: first-party coverage and third-party coverage. First-party coverage pays for your company’s expenses that are directly caused by hacking or other cyber liabilities. Third-party coverage will protect you if you are sued by clients, customers, or other third parties for failing to protect their data. Companies can choose whether to purchase first-party or third-party coverage or both.
It’s important to know that some policies may have a waiting period before coverage begins. In these cases, the insurer would not pay for losses for a predetermined period of time. Coverage would begin after the waiting period passes. For example, if your policy has a waiting period of eight hours and your website is down for 12 hours due to a network outage, your insurer would not pay for any losses incurred in the first eight hours.
First-Party Coverage
If your company directly incurs losses as a result of a data breach or cyberattack, your insurer will cover the losses. Common examples include:
Electronic data loss or damage. If data is damaged or lost through a cyberattack or data breach, your insurer will pay the costs of recovering the data, including the costs of hiring experts to help you restore or repair the data. Some insurers will also pay if data is accidentally destroyed, but others exclude accidental data loss.
Business interruption. If a cyberattack or data breach disrupts your ability to do business, your insurer will reimburse you for the income you lost. This only applies in cases where your ability to do business is directly affected by the incident; if your reputation is damaged and your sales are lower as a result, this would not be covered.
Cyberextortion. If your business’s data or systems are held for ransom, your insurer will pay for any costs you incur. For example, if hackers access your computer network and threaten to delete your data unless you pay a ransom, your insurer would provide experts to help you respond to the situation and would pay the ransom if necessary.
Customer notification. Many states require companies to notify customers or employees whose personally identifiable information was affected by a data breach. Your insurer will pay for the costs associated with notifying customers.
Reputation management. Being involved in a data breach or cyberattack can have a negative effect on your company’s reputation. Your insurer could pay for a public relations campaign to repair your reputation. It could also aid public relations efforts by paying for credit monitoring services for affected customers.
Consulting fees. Your company may need to hire lawyers or consultants to investigate the extent of the breach and advise you about any regulations you may need to comply with.
Example:
- An employee at your mobile app development company is fooled by an email that appears to be from a coworker asking them to download a file. The file infects their computer with a virus, which then affects other computers in your company’s network. Your employees are unable to complete their work until the problem is dealt with, which delays the release of an important app. Your insurance company would pay for experts to remove the virus and reimburse you for the income you lost while your employees couldn’t work.
Third-Party Coverage
Third-party coverage protects you against lawsuits filed by clients or other third parties for failing to adequately protect their data and privacy.
Legal fees. If your business is sued, your insurer will pay for attorney’s fees, court costs, and any resulting judgments or settlements.
Network security claims. If your clients’ data is exposed or they aren’t able to access it, your company could be held liable. Situations such as a data breach, malware, denial of service attack, or unauthorized access to data by a hacker or rogue employee can all leave you open to network security claims.
Privacy claims. If private data is stolen from your customers or employees, they could sue you for failing to protect their privacy. In addition to data breaches, privacy claims can be caused by loss of physical records and human error. For example, if one of your employees accidentally sends personal data to the wrong person, this could result in a privacy claim.
Regulatory fees. Your insurer will cover any fines or penalties you’re required to pay. It will also pay for any costs you owe to banks to reissue credit cards.
Example:
- Your web development firm builds a database system for a health care provider network. As part of your development and testing process, you house a subset of the health care provider’s customer data on your servers. A loophole in your server security software allows hackers to access the data and steal private medical information. The healthcare provider sues you for failing to prevent the hack. Your insurer will pay for your legal fees and any settlements or judgments in the case.
What isn’t covered by Cyber Liability Insurance?
Cyber Liability Insurance typically doesn’t cover a number of situations, including:
- Damage caused by your own or your employees’ actions. For example, if your employee accidentally wiped a hard drive containing crucial data, this wouldn’t be covered.
- Loss of your business’s intellectual property
- Lost sales caused by damage to your reputation after a data breach occurs
- Costs of upgrading your company’s security systems
Limits and Sublimits
Cyber Liability Insurance typically has shrinking limits for legal fees. This means that if your company is sued, your insurer will pay for attorney’s fees, court costs, and any other costs, but these costs will be subtracted from the total amount of coverage available to you, leaving less money to pay for any settlements or judgments against your company. It’s important to keep this in mind when selecting your coverage.
Like other types of insurance, Cyber Liability policies have a limit of insurance, which is the total amount the insurer will pay for claims in the same year. It’s also common for Cyber Liability Insurance to have sublimits for first-party coverage, meaning there is a maximum amount of coverage for first-party claims that could be less than the total limits of insurance. For example, your company’s policy could have a $1 million limit of insurance and a $500,000 limit for first-party claims. If your company was held liable for an $800,000 first-party claim, it would have to pay the remaining $300,000 itself.
Does Cyber Liability Insurance have a deductible?
Many Cyber Liability policies have a deductible. Your company is responsible for paying the amount of the deductible, after which the insurer will begin paying for the claim. Lower deductibles result in higher premiums.
Pricing and Quotes
The average cost of Cyber Liability Insurance is about $1,485 per year (about $125 per month) in the U.S. for $1 million in liability coverage. Costs vary depending on a number of factors, including:
- Company size
- Industry
- Location
- Type and amount of data stored
- Security practices and systems in place
- History of prior cyberattacks or data breaches
In order to get an accurate estimate on pricing, it’s best to get a quote from a reputable insurance company. Below we’ve highlighted a few of our trusted partners who offer cyber policies:
| Provider | Cyber Liability | General Liability | Commercial Crime |
|---|---|---|---|
| CoverageSmith | ?? | ?? | ?? |
| CoverWallet | ?? | ?? | ?? |
| Embroker | ?? | ?? | ?? |
| Hiscox | ?? | ?? | ?? |
Final Word
It’s particularly important for companies in the IT business to protect themselves against cyber risks, since they are likely to rely on electronic data or software and work in networked environments. Even companies with excellent cybersecurity procedures could become liable for a data breach or other cybercrime. In addition to paying the costs for recovering data and repairing security issues, companies could lose considerable income if cyberattacks affect their business, and they may also suffer reputational damage that is difficult to repair. Cyber Liability Insurance can help protect companies from these risks. It can help companies mitigate cyber incidents, recover financially, and also provide the funds to deal with third-party claims.