When cyber coverage was introduced, it came with a couple of questions. One major one was: “who needs cyber liability insurance?” Now, with the rising level of damaging cyberattacks, exposures, and changing public views, the answer to who needs cyber liability insurance should go without saying. The question now is, “who doesn’t need it?”
As essential as it is, purchasing cyber insurance can be complex. That is why we designed this post to simplify the process. Read on!
As a result of the rising cyber risks, it’s essential to use cyber liability insurance to minimize your loss risks. Just like the name implies, cyber liability insurance applies to the liability a company undergoes after a cybersecurity event. Who needs cyber liability insurance, how does it work, what does it cover, and what doesn’t it cover? You are about to find out!
Types of Cyber Attacks
We can’t know who needs cyber liability insurance without explicit knowledge of the potential types of cyber attacks. Cyber criminals keep coming up with new tactics all the time to attack organizations. Here are some of the most used techniques:
- Malware: Malware is a collective name for different forms of malicious software. The harmful software takes over the machine, detects user actions and clicks, and sends sensitive data from the affected computer or network to the hacker’s home base.
- Phishing: An attacker acts as a representative of a trusted organization to deceive a user into taking action he or she would not ordinarily take. It can be in the form of a malicious file attachment or a bogus link.
- Denial of service attack (DoS): The hacker attacks the network bandwidth by flooding the website with more traffic volume than it can handle, which will make it impossible for rightful visitors to access the website.
- Ransomware: This type of malicious software encrypts files to prevent users from accessing them and then demands ransom payment for their recovery. After you click on a phishing link or visit a compromised (stolen or hacked) website, these attacks can happen.
- Brute force attack: The attacker uses a trial-and-error method to guess the password to decode encrypted data. He or she tries as much log-in information as quickly as possible.
- Spoofing: A cyber criminal disguises as a known, trusted user or device and attacks network hosts, steals sensitive information, or spread malware.
What is Cyber Liability Insurance?
Cyber liability insurance is a policy primarily developed for malicious attacks, information breaches, and other cybersecurity attacks. We live in an age where many organizations have all their operations done electronically, and the data they gather contains most of their assets.
However, there have been various cases of high-profile personal information breaches that have compromised millions of records and caused the affected companies to lose millions of dollars. In fact, a recent article by PCMag reported the average cost for data breach for Canadian businesses was a whopping $4.74 million. Why?
If cybercriminals penetrate your business network, take over your website and data, or steal your client’s sensitive information, apart from having to cover the recovery costs, you can be held responsible for the incident. This is where cyber liability insurance or cybersecurity insurance comes in.
This insurance coverage helps businesses recoup from and covers the cost linked with such an occurrence. Specific Industries like healthcare, retail, or banking have specialized policies. Cyber liability coverage’s principal goal is to safeguard the business, but the protection can also extend to the clients who associate with the business.
What Can Cyber Insurance Cover?
- Security breach rectification and notification expenses: This insurance coverage can cover the costs you’ll incur from notifying affected parties and managing the incident.
- Regulatory defense bills: These are civil fines accrued while responding to a regulatory proceeding as a result of privacy or network security breach.
- Legal fees and civil damages: Legal representation can be pricey, but this insurance coverage can cover the cost. It can also cover the cost of possible damages associated with privacy or security network breach.
- Forensic investigations costs: The expenses you incur from engaging a data breach response company.
- E-commerce extortion and reward payments: It covers the bills to a professional negotiator and the possible ransom payments to whoever is extorting your organization.
- Computer program and electronic data restoration bills: It covers the expenses you’ll incur to recover and restore damaged or compromised data caused by a security breach, denial-of-service attack(DoS), or ransomware.
- Business interruption and additional expenses: A security breach can cause an interruption in business activities making your business lose Income. Cyber liability insurance covers these losses and the costs they incur.
- Crisis management expenses: You’ll probably need public relations to manage the damage cyber-attacks causes to your company’s reputation. Cyber liability insurance covers the cost.
- Identity Theft: Some cyber liability insurance policies in Canada offer coverage for stolen identity resulting from the cyber event. This involves help in recovering personal data and settling financial losses relating to identity theft.
How does Cyber Liability Insurance Work?
To answer “who needs cyber liability insurance?” first, it’s essential to know how it works. Most businesses have general liability policy coverage, but general business insurance policies do not typically contain cyber insurance. In other words, your regular business insurance would almost definitely exclude cyber attacks and similar events.
Cyber insurance would not stop a data breach from happening. Just like a homeowner can’t prevent a fire because he or she has a homeowners’ insurance policy, cyber insurance can neither prevent a data breach from happening nor make it impossible.
However, cyber insurance makes sure your business remains financially stable in the event of a security breach. Sometimes called cyber liability insurance coverage, cyber insurance helps your business lessen the risks of a security breach.
Although cyber liability insurance is relatively new in the insurance industry, it has grown rapidly in recent years because businesses have begun to see just how exposed they are to cyber risks. So who needs cyber liability insurance?
Who Needs Cyber Liability Insurance Policies & What do They Cover?
Who needs cyber liability insurance? As explained earlier, your cyber liability insurance covers financial losses that arise from security breaches and other cyber events. Virtually all cyber policies include both first-party and third-party coverages. Some coverages may be added automatically, while others are available separately.
First-party coverages covers expenses your firm incurs directly because of the breach, like the cost of notifying your clients about a security attack.
Third-party coverages cover claims made against your firm by third parties such as companies or people who have got affected due to your actions or lack of it. For instance, if a client sues you for negligence after a hacker gets hold of his personal infomation from your computer system and posts it online.
1. First Party Coverages
To make who needs cyber liability insurance obvious, let’s discuss the types of first-party coverages you will typically find in a cyber liability insurance policy. Note that these insurance coverages may be subject to a deductible.
- Losses from damaged or stolen electronic data – It covers the cost of replacing or restoring corrupted or stolen electronic data resulting from a data breach. It protects you whether the information is your firm’s or belongs to a third-party. Cyber attacks like a hacker attack, a virus, or a denial of service attack(DoS) always result in losses which this policy would cover. It may also cover the cost of engaging professionals or consultants to assist you with the preservation or reconstruction of data.
- Loss of Income from Business Interruptions and Extra Expenses – This policy covers income losses you suffer and additional expenses you incur to prevent or mitigate a shutdown of your business after your computer system fails because of a covered peril. Some policies cover income losses you suffer when your network provider’s system has been breached. These losses are called dependent income losses.
- Cyber Extortion by a hacker – A hacker can break into computer systems and threaten to commit a malicious act like corrupting your data, launching a virus, initiating a denial of service attack, or posting confidential data if you fail to pay a specific sum of money. This coverage usually extends to any extortion money you pay to the hacker and other expenses you incur while complying with the hacker’s demand.
- Notification Expenses – Covers the cost of notifying employees and clients (voluntarily or legally required) about a data breach. It may also cover public relations costs and the cost of offering credit monitoring services or establishing a call center.
- Reputation Management – This can be called Crisis Management. Some policies cover the expenses you incur for marketing and public relations to secure your company’s reputation after a data breach.
Each of these cyber liability policies contains different terms that are explained in the Definitions section. You need to know the meaning of these terms to understand the policy.
2. Third-Party Liability Coverages
The liability coverages covered by a cyber policy are typically claims-made. Coverage usually applies to damages or payments that result from covered claims and your legal defense costs. Note that defense costs may lower your insurance limit. A cyber liability insurance policy may cover retention, a payment you make before the insurance company will pay.
- Network Security and Privacy Liability Claims- It covers claims made against your firm for negligence, errors, or omissions that caused a denial of service attack (DoS), unauthorized access, the introduction of a virus, or any other security breach of your network. It also covers claims alleging you failed to effectively protect customers, clients, or employees’ sensitive data that you saved on your computer system.
- Electronic Media Liability Claims – Electronic media liability insurance covers media liability claims made against you like libel, copyright infringement, slander, defamation, invasion of privacy, or domain name infringement. Usually, these acts are only covered if they occurred because you published electronic data on the Internet.
- Regulatory Proceedings – It covers fines or fees imposed on your firm by regulatory organizations that supervise data breach laws. It also covers the cost of hiring a lawyer to help you in response to a regulatory proceeding.
Now you know what cyber insurance covers and that the answer to who needs cyber liability insurance is every business owner.
What Does Cyber Liability Insurance Not Cover?
Now that we know who needs cyber liability insurance and what the policy covers, we should discuss what it excludes. Each policy is unique, so business owners need to review their coverage with care before purchasing cyber liability insurance.
It’s important you carefully read through your cyber liability insurance policy and be clear on any exclusions. These are some losses commonly excluded by cyber liability:
- Property loss: Losing a piece of property such as a phone or computer stolen during a cybersecurity event. This loss would need to be filed under commercial property insurance, not a cyber policy.
- Criminal activity: A cyber liability policy won’t insure you against robbery, employee theft, and other illegal activity. These activities are usually covered by a ‘commercial crime’ policy.
- Property damage or bodily injury claims: Cyber liability insurance won’t cover bodily injury or property damage claims. These claims will be covered by general liability insurance.
- Social engineering: Social engineering is one of the ways cyber criminals attack their victims. They deceive people into transferring company funds. Not all cyber liability insurance policies cover social engineering. Instead, it may come with a smaller coverage limit or in the form of an optional add-on.
- If your expenses exceed the coverage limits you have on your policy, then your cyber liability insurance policy won’t cover you.
Buying a cyber liability policy means you accept maintaining the necessary security steps to prevent a cyber incident from occurring. If you did not maintain these security measures, the insurance company might deny you coverage.
For instance, let’s assume an employee mistakenly clicks on a malicious link in an email, which corrupts the company’s computer systems. If your insurer later finds out that the company did not install any anti-malware software, they could deny you coverage for failure to use preventive measures.
As seen in the example, before you agree to a cyber liability policy, it’s important to know what you are agreeing to and have adequate security measures on ground. Another option is to contact external security firms to help you get up to speed.
Proven Steps to Reduce Your Cyber Risk
Although you totally need cyber insurance, and an insurance plan could protect your business from potential cyber-attacks, the best defense against cyber risks is to tighten your security. Sometimes, you can even save on a cyber liability insurance policy if you can show your insurance company records of risk management, like a disaster recovery plan.
These are three proven steps you can take to reduce your cyber risks:
- Develop a Data Breach Response Plan
Don’t know what steps to take after a data breach? The first hours and days after a network security failure are essential to making sure your business remains functional, both short-term and in the long run.
- Evaluate Your Risks Regularly
It’s one thing to know your potential risks and plan for a possible disaster, but it’s another thing to conduct regular evaluations and reviews and then update your data breach response plan if need be.
- Use Best Practices for Guarding Data
Examine which employees have access to sensitive information. You can often get rid of risks by restricting the access your employees have to your network or computer systems. You should also assess your passwords and make sure every member of your organization uses the best password practices. These include using passwords that are long enough and complicated enough to resist hacking attempts.
Important Reasons Why Your Business Needs Cyber Insurance
Who needs business insurance? You! Not sure why? The good news is you are about to find out why. Whether your business is a small family business or a billion-dollar company, you likely conduct a large portion of your business online. Only a few businesses today operate without using email, web-based applications, and online storage.
Many businesses also control their reputations and customer service through social media networks. Unless you operate a cash-only business, you likely disseminate financial and banking information online too.
The internet makes business operations faster and easier, but it also leaves your business and customers vulnerable to cyber attacks. This is why the answer to who needs cyber liability should be all business owners. So, If you’ve been thinking cyber insurance is only for large retailers, think again.
Research shows that small businesses are now a rising target of cyber thieves. So both small and large business owners fit into who needs cyber liability insurance. We highlighted five reasons why your business needs cyber insurance.
1. If You Store Your Customers’ Data Online
Whether you use an in-house server or save your data in the cloud, there’s a good chance you handle digital files containing your customers’ private personal information. This information is a treasure trove for hackers and identity thieves.
They can steal your customers’ identities and financial information and use them to open fraudulent accounts or even try to extort your company for cash payments. So, if you fall under this category, you fit into who needs cyber liability insurance.
2. A Data Breach Is Unavoidable
According to electronic data security experts, data breaches are not a matter of if, they are a matter of when. As said earlier, it doesn’t matter if you run a small, one-person business or a large enterprise level organization. The sad reality is that cybercriminals target all business sizes. In fact, according to research, almost half of all data breaches concerned small businesses.
In Britain, a survey found that 74 percent of small businesses reported a security breach in 2015. Mark Smith at The Guardian reported, “Experts are warning that not only are small businesses now in the crosshairs of cyber criminals, but they are also rapidly becoming their favourite targets, and are often grossly unprepared.”
Data security professionals identified two primary reasons why small businesses are common victims of hackers and identity theft. The first reason is small businesses assume they are too small to attract cyber thieves. So, they fail to protect themselves adequately. The issue is cyber thieves are aware of this weakness and they take advantage of it.
Another reason is a tight budget. However, ignoring this risk and hoping it never happens may save you money in the short term but the expenses associated with hacking could range from slight inconvenience, to reputation damage, loss of customer information, fines, and to top it, company closure. So if you think small business owners are not among who needs cyber liability insurance, think again. Business owners generally should not fail to safeguard their systems.
3. Data Breaches Can Make You Go Out of Business
Without cyber liability insurance, you will have to foot the costs for damages that result from a breach. A report by The National Cyber Security Alliance in Washington DC states that one in five small businesses will undergo a data breach and a whooping 60 percent would have to close their doors because they can’t recuperate from the financial fall.
Even a considerably minor breach can make a business lose thousands in information technology (IT) costs and associated cleanup. The expenses typically include:
- Legal Expenses: When security breaches lead to a lawsuit, businesses would have to defend themselves appropriately. A single lawsuit can cost thousands of dollars to defend.
- Investigative Fees: Businesses have to investigate the security breach. This means engaging IT experts and computer forensic investigators to trace the breach’s source, fix damage, and take steps to make sure it doesn’t happen again. Sometimes, a business may have to work with law enforcement to help with a government investigation.
- Notifications of Identity Theft and Loss of Data: A rising number of jurisdictions require businesses to inform their clients or customers when their information gets compromised. In Alberta, Canada, companies in the private sector must follow the compulsory breach reporting under the province’s Personal Information Protection Act.
Other provinces, like Ontario, Labrador, New Brunswick, and Newfoundland, set certain reporting criteria for health-related data breaches.
- Business Losses: When a business undergoes a data breach, it usually loses more than money. Extended periods of inactivity and interruptions in the regular business flow can be financially tragic for any business.
If you do not want to be weighed down with these expenses in the event of a cyber claim, then you are who needs cyber liability insurance.
4. Your Existing Business Insurance Coverage Will Not Cover a Cyber Attack
Are you thinking, “ This isn’t for me, I already have business insurance! Why do I need to pay for additional coverage?” When asked who needs cyber liability insurance? Many business owners assume they don’t need it because they already insured their organizations under general business coverage. However, your general liability policy coverage most likely excludes cyber attacks.
Besides, your business liability insurance will likely not protect you if you suffer data loss due to an embittered employee or computer virus. Most basic business insurance policies cover data loss due to a natural disaster, but they leave out for malicious attacks like hacking and employee sabotage.
Usually, a general liability policy explicitly excludes losses you accumulate because of the internet. Therefore a good cyber liability policy can pick up where your general policy stops. If all you have is your general liability policy, then you fit into who needs cyber liability insurance.
5. Cyber Insurance Can Offer You Effective Risk Management
Many large organizations have entire departments dedicated to risk management. However, for most small businesses, tight finances don’t allow this. This is where a good cyber insurance policy fills in. Cyber insurance perform functions closely related to a devoted risk management team.
There are several ways an insurance policy can bridge that gap. An insurance company might work with a small company to ensure a firewall is put in place to safeguard your network and make sure you have social media policies in place to mitigate risk.
Your insurance company may be willing to help you with these areas because the better protected you are, the lower your chances of having a breach that could lead to a claim. Do you want to mitigate cyber risks effectively? Then the answer to who needs cyber liability insurance is you!
How to Choose a Cyber Insurance Policy for Who Needs Cyber Liability Insurance
Now that you know who needs cyber liability insurance, you need to know what to look for when choosing a cyber insurance policy. Afterall, you need this policy protect what you’ve worked so hard to develop. These are some steps you should take:
- Determine The Type of Cyber Insurance Coverage You Need: Just like most types of insurance, there is no one-size-fits-all policy coverage for cyber insurance. For instance, if your business circulates content, you may require media liability insurance.
If you work in the healthcare sector, you may need greater privacy coverage than any other type of business. If you are in the technology industry, you may also need cyber coverage that guards you against data loss caused by third-party cloud or software providers.
- Work with an Insurance Broker: There are many options for cyber insurance you can choose from for your business. You can decide to work with an insurance agent; however, this reduces your choices because the insurance agent will likely only offer coverage from one insurance company. Therefore, you can choose to search for insurance through an insurance broker instead.
What Determines the Cost of Cyber Liability Insurance
What determines the cost for who needs cyber liability insurance? Individual businesses determine what the cost of cyber liability coverage would be. Some of these factors are:
- Digital security protocols you’ve put in place to reduce your exposure to cyberattacks and security breaches.
- Whether your third-party providers have any of your unencrypted information in their custody.
- The back up systems for your information.
- Your company’s policies for policies.
- Your industry and the type and value of your business.
- Your business’ insurance and claims record
- The number of personal records your business retains or can access and the kind of information.
- The level of commercial information your business retains or can access and the nature of the information.
There may be other factors because each insurance company is different.
How to Mitigate Risks Associated with Cyber Liability
Insurance is just a way you can protect your business from cyber liability threats, and you should only use it as a safety net. This means, you want to prevent a cyber even from happening in the first place to protect your company’s reputation, money, employees, clients, and partners. Now how can a person who needs cyber liability insurance mitigate their risks?
These are some ways to help minimize your cyber liability risks:
- Create cybersecurity processes and make training available to all your staff. This training can cover password protocols, protecting physical devices, and how to avoid malicious software and phishing. It should also include what to do if a cyberattack or data breach occurs and how to notify the affected parties.
- Schedule security tests and drills associated with a cyberattack or data breach occurence consistently.
- Make sure you protect and safely back up all important information at your disposal using a cloud-based storage system.
- After an incident, record all circumstances and your responses so that you can learn and prevent another incident from happening. This record can also help track your losses, and is required legally depending on the size and manner of the breach or attack.
- Install a firewall for your computer network from a reliable provider.
- Install anti-virus and anti-malware software for your computer system.
- Use monitoring tools to locate electronic dangers.
Answers to Some Frequently Asked Questions on Who Needs Cyber Liability Insurance?
Bottom Line on Who needs Cyber Liability Insurance?
There you have it! We hope you now have the answer to who needs cyber liability insurance. Cyber liability insurance is a specialized area so if you aren’t really sure where to start from, you can reach out to a cyber liability insurance broker. The insurance broker understands the link between business insurance and cyber insurance and can provide you with the best cyber liability insurance quote.
Cyber liability insurance coverage is limited and the article has outlined some of the policy exclusions. How do you protect yourself against those events? Check how general liability coverage can help you to fill in those gaps and protect you when necessary.