Entrepreneurs face cybersecurity threats every day, with major data breaches making news headlines constantly. Both large corporations and small businesses alike are facing vulnerability to cyber attacks and hacks that can be detrimental to their bottom line and reputations. The sensitive digital information from internal data and millions of third-party customers stored on firms' electronic networks can be exposed and exploited by hackers. As a result of this increasing threat and risk, cyber liability insurance has emerged as a solution to help cover the losses of businesses hit by internet-based hacks.
As businesses increasingly rely on technology to deliver solutions for their customers, cyber liability insurance has become a must-have protection to safeguard organizations from the huge losses in income, liability, compliance failures and more.
“Cyber liability insurance protects businesses not only from expenses that can be incurred from a data breach, but also from any liability that you might incur from the breach," says Katy Brooks, Executive Vice President, P&C Producer at The Bank of San Antonio Insurance Group.
"When you have a data breach, there are some steps you're obligated to take, like monitor the credit of anyone's records that you've ever had, including your employees. The cost of that is high, and the cost of hiring forensics to figure out where the attack came from and how to stop it is also very high. Business owners can buy a cyber liability policy to cover these expenses, as well as the liability expenses, in the event that you are sued because someone has been financially impacted by a breach in your system.”
When considering a cyber insurance policy for your business, there are some important factors to keep in mind:
Understand types of cyber coverages
Cyber liability insurance protects businesses that sell products on the internet or collect data, including social security numbers and credit card information. A policy will cover notification costs, credit monitoring, costs to defend claims by state regulators, fines, and penalties and losses resulting from identity theft.
In addition, certain policies will protect against liabilities incurred by disruptions in website media content that suffers from business interruptions, data loss or destruction, computer fraud, fraud-transfer loss and even cyberextortion.
Scenarios protected by cyber insurance
- Data breach: Your customers' private information is exposed, making them susceptible to damages or losses. Personally identifiable information (PII) consists of any sensitive data of an individual such as social security numbers, bank account numbers, or passports.
- Business interruption: Some digital threats such as distributed denial of service (DDoS) attacks are intended to bring down an organization's information systems rather than steal business data. When IT infrastructure is unavailable due to a cyber incident, there is a large cost to normal business operations and lost revenue. These can be minimized with business interruption coverage.
- Media: A policy covers third-party advertising injury claims for internet events. For example, unintentional copyright infringement cases or invasions of privacy resulting from communications on a website or social media platform can be covered.
- Network failure: Similar to business interruption, coverage is provided for business and third-party damages that result from a denial of access to networks, including costs related to theft of hosted data or data stored by third-party suppliers.
- Extortion: This covers payments to criminals who demand a ransom for stolen or damaged digital information, plus professional fees related to extortion threats.
- Loss of physical records and devices: Insurance will cover the loss of information by theft of stolen physical records or business devices. Dishonest or disgruntled employees looking to harm their company are just one common example of this type of incident.
Have a cybersecurity plan in place
Take steps to prevent attacks in the first place, or at least to minimize the damage, by preventing extreme losses when an incident does occur. Create a robust framework involving an incident response plan. Pay special attention to your computer network's security. Train and educate your employees as a first line of defense against cyberattacks.
Make sure you have a firewall in place and update your software systems regularly. Confirm your vendor's software security, change passwords frequently and be sure to encrypt sensitive data by backing it up securely.
Despite the best contingency plans in place, all organizations are still susceptible to an unwanted intrusion or data breach. Be sure to take steps so that your business can continue to operate between the time of the data breach and the time a cyber claim is filed and processed.