What Is Cyber Risk Insurance?
Gone are the days where all you needed was a sturdy safe or an angry guard dog to secure your valuable documents. Romanticized bank robberies like those of Jesse James and Butch Cassidy have been replaced by invisible heists involving firewalls, passwords, and exploitable bugs in encryption code. To keep up with this new reality, insurance companies created Cyber Risk Insurance (aka Cyber Liability Insurance).
Criminals these days thrive in the cyber world, taking advantage of the increasing volume of online transactions. As more businesses deal with customer data, criminal data breaches become more frequent and more costly.
When cybercriminals do succeed in infiltrating a network or acquiring sensitive data such as credit card numbers, passwords, or Social Security numbers, the company they steal from can be held liable for the data breach. That's where Cyber Risk Insurance comes in.
Cyber Risk Insurance can protect your business by paying for a legal defense, court-ordered compensation to affected customers, and other related expenses when your business is faced with a data breach or other cyber security incident.
There are two major types of Cyber Risk Insurance policies to consider: first-party response coverage and third-party defense and liability coverage.
First-Party Response Cyber Insurance
First-party response coverage can help pay for immediate customer and business needs resulting from a data breach, including…
- Forensic services to determine whether a breach occurred.
- Notification of customers and employees.
- Customer credit monitoring.
- Crisis management and public relations.
- Business interruption expenses and additional labor arising from a covered claim.
- Cyber extortion reimbursement.
First-party response coverage can help protect your business, your customers and your reputation in the aftermath of a data breach. Depending on your risks, it may be available as a standalone policy or as an endorsement to an existing BOP or General Liability policy.
Third-Party Defense and Liability Cyber Insurance
The other type of Cyber Risk Insurance policy offers third-party defense and liability coverage. This type of policy covers costs associated with a lawsuit brought by a customer or partner for a data breach that your business's actions or negligence allowed. Third-party policies may cover:
- Judgments, civil awards, or settlements.
- Electronic media liability, including infringement of copyright.
- Employee privacy liability, as well as network security and privacy liability.
This type of coverage can help your business cover the legal costs associated with a data breach. Even if you can fix a small data breach and notify affected customers out of your own pocket, you may still be faced with a costly lawsuit.
For the most part, small businesses typically only require third-party Cyber Insurance if they offer IT services. Your insurance agent can help you determine which policy is best for you.
Data Breaches and the Need for Data Breach Insurance
Online criminal activity has steadily increased with the spread of Internet usage, and security firms are in a constant struggle with hackers to stay one step ahead. Even with careful security measures in place, catastrophic data breaches can, and do, occur.
Here are some recent examples:
- In January 2014, as many as 110 million Target customer records were compromised.
- In April 2014, the security bug known as Heartbleed was discovered in the OpenSSL cryptography library. OpenSSL is software used by many websites to provide secure, encrypted data transfer for customers and businesses. This bug allowed user data to be accessed by other, non-authorized parties. Such data included usernames, passwords, and encryption keys.
- In August 2014, the New York Times reported that Russian hackers had gathered more than a billion Internet passwords.
- As of 2015, Kaspersky Lab found that the average small-business data breach cost $38,000.
Though you may think that your small business makes a minor, uninviting target for criminal activity, the opposite can actually be true. Small businesses can be subject to the same security bugs as multi-national corporations and be vulnerable for far longer, because they often lack dedicated IT teams to fix holes. This can put your customers at risk.
Consider implementing risk-management strategies, security training for employees, and other security measures to protect against data breaches. Cyber Risk Insurance, in addition to proactive network security management, can prepare your business for the digital John Dillingers of today, and help manage any events that happen despite your best efforts.
Complete an application with Insureon for free Cyber Liability Insurance quotes or contact an agent to discuss which Cyber Liability coverage best suits your needs. Hint: to request Cyber coverage, you'll have to first choose General Liability Insurance or a Business Owner's Policy, then request Cyber as part of that coverage.