October 26th, 2021
Justin Sheil is the Content Marketing Manager at Electric. He has 5+ years experience writing about a wide range of technology topics. As part of his role at Electric, he currently functions as the head of the company’s Research & Insights division.
When a company suffers a cybersecurity attack, the costs can be astronomical. The average data breach costs somewhere between $1M and $8M, with a rising average of nearly $4M. There are several layers of costs to such an attack, each stacking on the next in a cascade that can seriously impact or even cripple the affected business if they don’t have cyber liability insurance in place.
An increasing number of regulators now fine companies that experience cybersecurity attacks for insufficient protections. GDPR, HIPAA, and even the PCI (payment card industry) will slap heavy penalties on companies that expose customer (and employee) data.
Beyond fines, attacks typically result in legal fees as well as the cost of recovering your system with new-and-improved security measures. You may be required or obligated to reach out to each affected party to offer an alert, apology, and a year of identity monitoring - not to mention the cost of lost revenue from customer distrust after a breach.
Small businesses are at a special risk when it comes to cyber attacks, with 55% having already experienced a data breach and 53% seeing more than one. SMBs naturally have a tighter budget to pay out fines and take recovery measures, which is why cyber liability insurance is just as important for smaller organizations as it is for their larger counterparts.
Cyber liability insurance is a form of financial protection against cybersecurity breaches. With data breaches becoming an industry norm instead of the exception, this type of insurance has been developed to help small, medium, and large businesses to prepare for the crushing costs of a successful attack. From the regulation fines to the potential lawsuits, cyber liability insurance is a multi-faceted insurance type designed to protect businesses from the many costs of exposing sensitive data to a malicious party.
In other words, cyber liability insurance helps to cover the costs of a data breach. It can stop your company from going under with millions in costs. It can also be used to help you secure and rebuild your resources so that this type of breach doesn't happen again.
Cyber liability insurance is offered by specific and general insurance providers. However, the most important thing to understand about sourcing cyber insurance is that it is NOT included in CGL (commercial general liability) insurance, and many insurers are unsure how to approach cyber insurance for business clients. That being said, there are many available sources from both local insurance providers and big-name insurance companies. For example, Nationwide, AIG, Liberty Mutual, and Hartford all offer cyber insurance policies, as do other more closely defined insurance providers.
It’s important to note that the cyber liability insurance policies available are not always consistent from provider to provider. Many of today's cyber liability insurance policies are hand-tailored by the insurance provider, meaning the exact items covered per type of cyber insurance are not always the same. When choosing your cyber insurance provider, look at premium rates, covered circumstances, and the extent of your coverage before committing to a policy.
Not all cyber insurance policies are created equal. For the most part, we can classify cyber insurance into two primary categories: first-party and third-party policies. First-party cyber insurance focuses on covering the immediate cost to the company after a cybersecurity breach. Third-party cyber insurance focuses on liability protection from lawsuits and regulation penalties.
However, there are also a few other policy types that may be separate or wrapped up into one of the two primary offerings.
First-party cyber liability insurance can also be called Privacy Notification and Crisis Management Expense insurance. It's a mouthful, but the purpose is clear. This type of insurance is to help companies get through that first month or two right after a cybersecurity breach. First-party cyber insurance covers both the costs to take care of affected parties and the costs of quickly activating business recovery methods.
This type of cyber liability insurance covers investigating the cause of the breach, hiring PR experts to reduce revenue loss, and notifying and monitoring those affected. There may be other policies included, like data recovery services and security improvements, but not always.
Like any type of business liability insurance, third-party cyber liability insurance covers the costs you would pay others as a result of a breach. First, third-party liability coverage will help you cover any fees or fines from your regulating bodies. HIPAA, CCPA, GDPR, and PCI-DSS are only the beginning, and their fines for data breaches are hefty. In addition, there are dozens of regulatory bodies and even state laws that levy cybersecurity fines for breaches. Cyber liability insurance can predict and help cover these potential costs.
Legal fees are also a major component of third-party cyber insurance. If you are sued by an affected party whose data was lost in the breach, then your cyber liability policy will cover the legal fees and some or all of the settlement, if one is granted.
Often, but not always, coverage for errors and omissions is rolled into cyber liability insurance. In this case, Errors and Omissions liability coverage protects businesses and professionals who provide digital services or goods. In other words, if your company lost data because you provide digital products, this liability protects you from breaches caused by mistakes. Accidentally publishing a private spreadsheet or even programmers inadvertently leaving a security gap in a program could get you sued. Errors and Omissions liability coverage will protect you from the associated costs.
You may want a unique cyber insurance policy just for the risk of cyber extortion. Ransomware is the most common type of cyber extortion but you may also be facing blackmail (threat to release stolen data) or other hacker tricks to get companies to pay to resume their cybersecure status. Many hospitals, for example, benefit from cyber extortion insurance so they can quickly recover their computer system and resume life-saving measures.
Lastly, not all first-party cyber insurance covers loss of income, so you may want a separate policy just for this coverage. Loss of income can account for up to 40% of the total financial loss of a data breach. If your lost income isn't covered, that revenue is gone for good.
Overall, the pros undoubtedly outweigh the cons when it comes to cyber insurance. Just keep in mind that a cyber insurance policy won’t protect against all eventualities, and doesn’t negate the need for robust cybersecurity and data protection policies within your organization.
Pros:
Protects from the high costs of a cybersecurity breach
Becomes a part of your recovery plan for damaged data systems
Makes recovery resources accessible to small businesses
Defends from breach-related lawsuits

Cons:
Does not cover pre-breach vulnerability lawsuits
Income loss is rarely included
Is not intellectual property insurance
Does not always cover phishing breaches
Is your company covered by cyber insurance? If not, it's time to analyze your business, your risks, and your needs before finding a cybersecurity insurance provider. For more insights into your network or to upgrade your security to reduce the risk of data breaches, contact us today!