What Does Cyber Liability Cover: 6 coverages you should know about
In a previous post I provided a few links to articles on “cyber liability insurance”. The whole reason that this has become a hot risk management topic is because the evolution of business insurance has been out paced by our usage and dependance on technology. The standard policy for Property and Liability, that every company has today, is virtually the same as the policy that they would have had 25 years ago. Sure there have been minor updates, but for the most part, some of the biggest risks businesses face today are not covered by their insurance. Basically every business uses a computer system to manage its finances and billing, store customer information, control marketing and PR programs, communicate with clients, store client data, manage human resources and employee info – and on and on…..and the fact is that traditional business insurance policies don’t address the significant impact there would be on a company if their systems were compromised.
The insurance industry has recognized some of the shortcomings for many years (loss of data not being covered by property insurance – because property as defined in insurance policies must be tangible to qualify to be covered – has been a heated topic for as long as I can remember). A few insurers have offered cyber policies to address these concerns for many years. However, only recently have more carriers followed suit and produced their own cyber liability insurance coverages. Eventually standard business policies will have to address their shortcomings, but until then, a separate insurance policy must be considered as you evaluate your overall corporate risk.
What Does Cyber Liability Cover? Well, each insurer that offers Cyber Insurance does it a little differently, but six key coverage areas seem to be consistent:
- Data Loss & System Damage – Your current property policy covers damage to the computer itself – but not the data stored on them. Doh!
- Business Interruption - Loss of Revenue from downtime after a hack, denial of service, virus…that causes a temporary or long-term shutdown in your operations.
- Notification Expenses – Almost every State has notification requirements – your company must disclose any breach to parties whose private information was, or is reasonably believed to have been, acquired by a person without valid authorization. You may also have to provide ongoing credit monitoring. This could generate significant expenses to your organization.
- PR/Crisis Management - You’ve experienced a security breach, been out of business for a week, notified thousands of clients, vendors, etc of the breach…..better do some spinning Stat! Hire a PR firm and do some marketing and public relations to minimize the damage to your brand.
- Content Liability – Anything associated with the content of your website, blog or other web presence from copyright and other IP claims to slander to invasion of privacy.
- Regulatory Investigation Expense – With the new notification laws having been enacted and privacy legislation constantly changing, there is always the chance that you could get a knock on the door from a friendly civil servant. Most policies exclude governmental or regulatory investigation costs. Bummer. Make sure your cyber policy includes it.
As a business owner, you really need to think about the insurance dollars that you are spending to transfer your biggest risks - would the premiums you are paying for traditional business interruption coverage be better spent on a cyber policy? Where are you more likely to have a loss? And I know what you’re thinking – OK, how much does cyber liability cost. The costs will vary based on the type of business, the sensitivity of the data in your possession, the controls you have in place and the limits of coverage that you select. The lowest premium I have seen for this type of policy has been $1,500.
One final note: insurance policies are just one way to transfer risk……for example we provide our clients with access to a proprietary, internet platform with tools and resources to help them prepare for cyber risks. Anticipation and preparedness can go a long way toward mitigating losses. Included on this platform is a simple online assessment to test your vulnerability, a hotline to speak with a security expert and an incident roadmap to guide you through your response to an adverse cyber event.