Insureon Blog

Why Your General Liability Insurance Doesn't Cover Data Breaches

2. January 2015 07:06

computer-driven despair

It's not terribly surprising that retailers are prime targets when pesky cyber criminals are on the prowl for financial data. The data security firm Imperva recently reported that based on its customer data, retailers were the target of 48 percent of attacks. As we noted in the post, "Cyber Insurance a 'Necessity,' Especially During the Holidays," the increased customer traffic during this time of year only makes retailers all the more lucrative for the scheming hacker.

Even if you're not in the retail business, no doubt all the press about data breaches has you double checking your response plan. (Justifiably, too, when the data protection company SafeNet released a report that affirms data breaches are on the rise for all types of businesses.) If you're like many business owners these days, you know that insurance is a key component to surviving the financial and reputational fallout that accompanies a breach.

Still, there seems to be some lingering misunderstanding about which insurance policy offers what protection. For example, P.F. Chang's found itself in legal quicksand when it tried to use a General Liability policy to cover the legal costs of its prolific data breach. Little did the restaurant chain know, only Cyber Liability Insurance covers data breach expenses when a virus or hacker causes the breach.

To help you clear up insurance conundrums once and for all, let's explore the difference between General Liability and Cyber Liability Insurance and go over tips for ensuring your small business has adequate data breach coverage.

General Liability Insurance vs. Cyber Liability Insurance: Just the Facts

Let's start from the top: the standard language in most General Liability forms is very, very old. Back then, no one regularly used the Internet for business activities. But that's not to say General Liability Insurance doesn't have its modern-day merits. The policy steps in when a third party tries to sue your business over…

That second bullet point — the coverage for a third party's damaged property — spurs a lot of confusion, especially when it comes to data breaches. It makes sense that some policyholders would think of client data as client property. It's their information, after all. So why won't GL cover a data breach, which is the loss of customer data?

In the insurance world, there's an ocean of difference between tangible property and digital property. There are different risks that come with each. That's why many General Liability policies specify that they cover damage to a third party's tangible property, which excludes electronic data (i.e., information, facts, or programs stored, created, used, or transmitted to or from computer software).

So let's switch gears to the coverage insurers developed to fill the need for data breach protection: Cyber Liability Insurance (also called "Data Breach Insurance" and "Cyber Risk Insurance"). This policy has one big function — to help businesses respond to the financial aftermath of a data breach. There are two versions of this policy:

Your insurance agent can help you determine which type is the best fit for your business, depending on what you do.

Wait — Why Does My General Liability Policy Cover "Digital Data Protection"?

As we clarified above, standard GL policies don't offer data protection. However, some insurers do add digital data protection endorsements to General Liability policies. (Often, these policies are written for IT consultants and providers.) But there's one key way that this option differs from Cyber Liability Insurance: the GL endorsement only covers data losses caused by physical damage. In other words, if an your employee damages a server that stores your client data, that could trigger the specialized GL coverage.

But as we know from the headlines, many data breaches are the result of viruses and hacks, and you need Cyber Liability coverage to address that kind of data loss.

The Takeaway: Only Cyber Liability Protects You Against Cyber Attacks

As a final note on the topic, keep in mind these key points to ensure your business gets the data breach coverage it needs.

Insurance can be tricky, so if you still have questions, feel free to chat with an insureon agent.


Cyber Risk Insurance | Data Breach | General Liability Insurance | Insurance Terms Explained | Risk Management | Small Business | Small Business Risk Management | Tips for All Small Businesses

Permalink | Comments (0)
Compare insurance quotes for your business
Save money by comparing insurance quotes from multiple carriers
Can't find your profession?