What is cyber liability insurance and what does it cover?
Primarily Cyber coverage covers a business against risks associated with damages resulting from a breach of its computer systems. Hacking attacks can result in different types of damages such as data theft or bringing down a companies website. Cyber insurance would mitigate the cost associated with the damage that these types of computer hacks can do.
Regardless of the type of business it is, if a company has custody sensitive data that they are responsible to protect then that business should have Cyber Liability coverage. This is simply a matter of the world we live in these days where businesses are responsible for damages related to a cyber incident or privacy breach in which such information is compromised. Most smaller business may not feel that it is worth the expense or trouble but the costs associated with litigation and damages from such risks can can be the end of them.
There are multiple factors that go into determining the price for such coverage. Three particular points underwriters look at that are specific to Cyber Insurance are internal company controls, the type of data in custody (financial, HIPAA…) and the number of records a company has. Other more common underwriting points include company revenues, number of employees and the nature of business.
Types of Damages Covered By Cyber Insurance Policies
To begin with, Cyber Insurance policies will cover 1st party and 3rd party damages, so what does that mean? 1st party damages are costs incurred directly by the insured as a result of a cyber incident. If you have direct costs associated with a cyber incident, 1st party coverages within a Cyber Insurance policy are there to make you whole.
3rd party damages are damages incurred by an 3rd party such your customers. In this instance you as the insured are the 1st party and the insurance company is the 2nd party. If your customers, a 3rd party, were financially harmed as a result of a Cyber incident your company were to suffer, your insurance would cover the associated 3rd party damages. So the next question is what are some examples of these costs the insurance would cover?
3rd Party Coverage
Since 3rd party damages would be what most people are familiar with I will begin there. Damages like this are the ones you most hear about because they are most commonly associated with big hacks and data breaches where highly sensitive data is compromised. This as you can imagine leads to lawsuits. Your customers, vendors, even your employees who’s data is compromised or is injured as a result of a data breach are within their right to take legal action against you. These are 3rd parties and all of them can file suit.
In such an event, the insurance will cover the legal cost of your defense and as well as damages a court finds you responsible for. In this instance, a parallel would be General Liability insurance for a company if someone got injured on your premises or Errors and Omissions if a client were to suffer damages as a result of your professional negligence. Cyber Liability simply covers a different set of risks.
1st Party Coverage
1st party coverages don’t get as much attention as 3rd party but are still very important to have in place. There are many direct costs a company can incur as a result of a cyber incident, some examples are as follows:
- Public Relations Costs
- Credit Monitoring
- Cost to Restore/Recreate data
- Coverage for Fines and penalties
- Business Interruption Expenses
- Notification Costs
- Forensic Investigation Costs
- Cyber Extortion
Without 1st party coverage, these costs would come out of the insureds pocket.
So here comes the shameless plug. If this is something your company is considering and you’d like to talk about in a little more detail, free free to reach out. I’d be happy to act as a resource.