If there's one event people are starting to prep for like they would a zombie apocalypse, it's mega cyber attacks. Unlike zombies whose slow lurching gives them up a mile away, you might never see these digital threats coming until it's too late. Perhaps that's why businesses are starting to get more interested in Cyber Liability Insurance.
According to Bloomberg Business, some larger businesses are even trying to buy all variations of cyber coverage, such as policies that cover property damage caused by hacks. Some are so desperate for adequate coverage that they're seeking policies with billion-dollar limits, the report states.
There's a problem with that:
- Higher limits don't necessarily guarantee adequate coverage.
- Myriad types of damages accompany a cyber attack.
- There typically isn't a policy that addresses every kind of loss.
As the report notes, cyber property insurance is still in its developmental stages. Insurers are teaming up with tech professionals and data analytics companies to try to create a realistic risk model and build policies to address those risks. But because cyber coverage is so new and risks are evolving so fast, nobody's quite sure yet how to price these policies or what they should cover.
If you're a small-business owner shopping for Cyber Risk coverage, that leaves you with a few takeaways.
1. Cyber security is a top priority.
If your entire approach to data breach risk management is to invest in insurance, well, you're doing it wrong. Think of it this way: insurance is a safety net under the tightrope. You definitely don't want to traverse a high wire without it, but the goal isn't to fall, either. It's your last resort, not your finish line.
Cyber Liability Insurance makes sense for any business that stores or transmits sensitive third-party information (e.g., credit card numbers, Social Security numbers, etc.). Standard policies can pay for a number of damages that accompany a breach, such as…
- Breach notification expenses.
- Credit-monitoring fees.
- Security investigation and repair.
- Cyber extortion expenses.
If insurance isn't in the budget, your money may be better spent on beefing up your network security. This can be as simple as improving password hygiene, training employees to spot phishing emails, and limiting access to sensitive information.
You don't even have to start from scratch – read the following posts to help you double down on your cyber security: "23% of Small Business Employees Still Make This Critical Mistake" and "Want Bigger Clients? Beef Up Your Cyber Security."
2. Understand what your small business insurance can and can't do.
As mentioned earlier, there's no policy that can cover all types of losses. Though insurers are starting to develop policies that can address cyber property damage (i.e., instances when a hack shuts down infrastructure and cause physical property loss), that coverage is still very limited.
In other words, your standard Cyber Liability Insurance can't cover cyber property loss. And don't expect your other policies to pick up the slack, either. Typically, standard General Liability Insurance and Commercial Property Insurance can't cover damages stemming from data breaches or cyber attacks. While these policies do address some types of physical damage (e.g., when a client suffers a slip-and-fall injury or when a fire destroys a building), they aren't designed to handle damage brought on by tech risks.
For more information about why General Liability Insurance can't cover breaches, read "Once More, with Feeling: Commercial General Liability Insurance Won't Cover Data Breach Liability."
3. Understand that data breach notification laws are different in every state.
If your business is hacked and client information is exposed, it's your responsibility to notify the affected parties. Depending on the state's data breach notification laws, you may also have to pay for credit monitoring expenses if the breach is big enough.
Here's the kicker: there's no federal data breach notification law yet. For any given breach, you may have to contend with multiple state laws if the affected parties reside in different places. So if you are based in Illinois but have clients in New York and Ohio, you may have to comply with three different state data breach laws after a hack.
Cyber Liability Insurance can help pay for these notification expenses, but it's still a good idea to understand your legal obligations before a hack happens. To learn about state data breach laws, read "Reminder: It's Your Job to Keep Customer Data Safe."