Data breaches and cyber-attacks are among the top risks facing businesses today. And they're becoming more severe, sophisticated, and costly each year. Data breach costs are increasing by 10% year-over-year, and the global cost of cybercrime is spiking, projected to reach $10.5 trillion per year by 2025. Regardless of size, revenue, and industry, every business is vulnerable to cybercrime.
Every organization needs a unified cybersecurity plan, and a vital component of that plan is cyber liability insurance.
While once viewed as an unnecessary and unwarranted expense, cyber liability insurance is now essential. However, many organizations are unaware that cyber risk is insurable and that the coverage options available today are flexible and often customizable to address targeted cybersecurity needs.
To ensure your business understands the value of these policies and the urgent need for them, let's review what cyber liability insurance is and whom it's for before diving deeper into the included and excluded elements.
What is Cyber Liability Insurance?
A cyber liability insurance policy, also referred to as cyber insurance, is an insurance product that provides financial support to businesses for the costs involved with recovering from a cyber attack or privacy breach.
For example, suppose your business stores sensitive customer information such as email addresses, names, or Social Security numbers, and a malicious actor makes it available online. With cyber liability insurance, IT administrators can rest assured knowing their company is protected from the financial repercussions. The insurance policy will help you prepare for, respond to, and recover from the attack, helping to recover lost files, revenue, and legal expenses.
One of the essential components of cyber liability insurance is network security, which covers data breaches, ransomware, malware, and business email compromise (BEC). Many cyber insurance policies also include 24/7 data breach hotlines, on-demand resource centers, cybersecurity awareness training, and access to knowledgeable breach coaches and other experienced service providers.
What Type of Organizations Benefit From Cyber Insurance?
Every business is vulnerable to cyber attacks and should strongly consider the benefits of cyber insurance. The impact of security breaches and recovery can be legally complex and financially devastating. Most businesses have a regulatory or contractual obligation to safeguard their customers' and employees' personal information. Therefore, any organization that stores customer or employee data such as names, addresses, credit card information, banking, payroll information, and Social Security numbers on-premises or offline would benefit from the financial protection offered through cyber insurance.
The cyber insurance industry is ever-changing in reaction to the evolving threat landscape. The industry will continue to mature and develop hardened requirements in the issuance of insurance policies. Today, most cyber insurance carriers will require customers to attest to adopting information security controls such as strict password policies, routine device patching, multi-factor authentication, data encryption, and many more. Cyber insurance costs increase in response to claims paid, while sub-limits on some types of breaches are introduced to slow premium increases. Businesses in higher-risk industries such as healthcare, education, finance, retail, technology, and insurance can pay higher premiums with reduced coverage in some areas.
What Should a Cyber Insurance Policy Cover?
Businesses with cyber insurance coverage add an extra layer of protection, helping to mitigate potential costs associated with cyberattacks, data breaches, and regulatory infractions. While there is no "one-size-fits-all" cyber insurance policy, most policies will typically cover some of the issues listed below.
- Computer and telecom fraud
- Liability implications
- Business interruption
- Data loss and recovery
- Loss of transferred funds
- Social engineering and phishing attacks
- Cyber extortion and ransomware
- Cyber attacks on data stored by other third parties
With the broad issues typically covered in mind, let's look at the specific expenses a cyber insurance policy pays for if an organization is the victim of a cyber attack.
Notification Costs - Covers the significant expense of notifying parties whose data has been compromised by a data breach or cyber attack. Some policies may also cover the cost of establishing a call center for those impacted and credit monitoring to help detect any suspicious activity or unauthorized charges.
Data Restoration - Covers the expenses associated with restoring or replacing software, electronic data, and other programs damaged or destroyed by ransomware, malware, phishing, or any other cyber attack.
Legal Expenses - Covers the costs associated with lawsuits related to customer or employee privacy and security. Some cybersecurity insurance policies will also cover regulatory fines and penalties from state and federal agencies.
Computer Forensics - Covers the associated costs of hiring computer forensic consultants to determine the extent of the breach and the root cause.
Reputational Damage - Pays for PR management specialists and covers the potential loss of revenue stemming from reputational damage for a pre-determined amount of time after the breach.
Loss of Income and Other Expenses - Covers income lost due to a cyber attack and other costs required to restore business-critical operations. Some policies will also cover cyber extortion and ransomware by reimbursing any extortion payments and expenses related to the incident, such as hiring a negotiator.
What Elements are Excluded in a Cyber Insurance Policy?
As with any insurance policy, each cyber insurance policy has its own terms and excludes certain types of claims. Here are a few standard cyber insurance policy exclusions.
- Utility failure
- Bodily harm and property damage
- War, invasion, or terrorism
- Projected lost profits in the future
- Loss of value caused by intellectual property theft
- Intentionally deceptive and dishonest acts
- Claims of mistakes or omissions in business services
- Any damages that occurred before the policy implementation date
- Betterment claims to improve the functionality of computer systems to a higher level than before the incident
Reduce Your Financial Risk with a Cyber Liability Insurance Policy
Understanding any insurance policy can be challenging, especially when multiple types have overlapping elements. For example, there are different types of cybersecurity insurance policies in addition to cyber liability, such as data breach coverage and technology errors and omissions insurance. While these policies contain many of the same insuring agreements, there are key differences. Businesses must not confuse policies and assume coverage exists where it does not.
Businesses should consult with a trusted cyber insurance security expert to identify the policy best suited to their needs. It is important to remember that companies may still fall victim to a cyber attack even with a robust cybersecurity strategy. However, the right cyber liability insurance policy will protect you after exposures occur, mitigating the costs of recovering from a cyber attack or privacy breach.