It's not terribly surprising that retailers are prime targets when pesky cyber criminals are on the prowl for financial data. The data security firm Imperva recently reported that based on its customer data, retailers were the target of 48 percent of attacks. As we noted in the post, "Cyber Insurance a 'Necessity,' Especially During the Holidays," the increased customer traffic during this time of year only makes retailers all the more lucrative for the scheming hacker.
Even if you're not in the retail business, no doubt all the press about data breaches has you double checking your response plan. (Justifiably, too, when the data protection company SafeNet released a report that affirms data breaches are on the rise for all types of businesses.) If you're like many business owners these days, you know that insurance is a key component to surviving the financial and reputational fallout that accompanies a breach.
Still, there seems to be some lingering misunderstanding about which insurance policy offers what protection. For example, P.F. Chang's found itself in legal quicksand when it tried to use a General Liability policy to cover the legal costs of its prolific data breach. Little did the restaurant chain know, only Cyber Liability Insurance covers data breach expenses when a virus or hacker causes the breach.
To help you clear up insurance conundrums once and for all, let's explore the difference between General Liability and Cyber Liability Insurance and go over tips for ensuring your small business has adequate data breach coverage.
General Liability Insurance vs. Cyber Liability Insurance: Just the Facts
Let's start from the top: the standard language in most General Liability forms is very, very old. Back then, no one regularly used the Internet for business activities. But that's not to say General Liability Insurance doesn't have its modern-day merits. The policy steps in when a third party tries to sue your business over…
- Bodily injuries. If someone slips and falls on your business's property, you can be sued for damages. Many GL policies can also cover the injured person's medical expenses before the accident becomes a lawsuit.
- Property damage. If your business damages or loses someone's property, your policy can help pay for the legal or replacement costs.
- Advertising injuries. This is one of the GL coverages that has adapted with the times. It can be applied to defamation lawsuits that originate on social media. (For more on that, read, "Social Networking Libel 101: Courtney Love & Twitter Libel.") It can also help your business out if it's sued over copyright issues.
That second bullet point — the coverage for a third party's damaged property — spurs a lot of confusion, especially when it comes to data breaches. It makes sense that some policyholders would think of client data as client property. It's their information, after all. So why won't GL cover a data breach, which is the loss of customer data?
In the insurance world, there's an ocean of difference between tangible property and digital property. There are different risks that come with each. That's why many General Liability policies specify that they cover damage to a third party's tangible property, which excludes electronic data (i.e., information, facts, or programs stored, created, used, or transmitted to or from computer software).
So let's switch gears to the coverage insurers developed to fill the need for data breach protection: Cyber Liability Insurance (also called "Data Breach Insurance" and "Cyber Risk Insurance"). This policy has one big function — to help businesses respond to the financial aftermath of a data breach. There are two versions of this policy:
- First-party response. This type of Cyber Risk policy can cover the cost of notifying affected parties about the breach, funding PR measures to rebuild your business's reputation, offering credit-monitoring services, and more.
- Third-party defense. This type of Cyber Liability policy can cover legal expenses if your business is sued over a data breach.
Your insurance agent can help you determine which type is the best fit for your business, depending on what you do.
Wait — Why Does My General Liability Policy Cover "Digital Data Protection"?
As we clarified above, standard GL policies don't offer data protection. However, some insurers do add digital data protection endorsements to General Liability policies. (Often, these policies are written for IT consultants and providers.) But there's one key way that this option differs from Cyber Liability Insurance: the GL endorsement only covers data losses caused by physical damage. In other words, if an your employee damages a server that stores your client data, that could trigger the specialized GL coverage.
But as we know from the headlines, many data breaches are the result of viruses and hacks, and you need Cyber Liability coverage to address that kind of data loss.
The Takeaway: Only Cyber Liability Protects You Against Cyber Attacks
As a final note on the topic, keep in mind these key points to ensure your business gets the data breach coverage it needs.
- Work with an agent who understands your industry. What you do impacts your risks and how you may be most susceptible to data breaches. A knowledgeable agent can help you determine which policy offers your business the most useful form of data protection.
- Know there's no policy that will prevent data breaches. The best your insurance can do is to help your business recover from a breach. It's up to you to enact the security measures that can reduce the likelihood of a breach. For risk management tips, check out the post, "One More Way Customers Can Sue You."
- Ask about your coverage. If you're not sure what your policies do and don't cover, talk to your insurance agent. You don't want the cruel surprise of finding out you don't have the coverage you thought you had when it's time to make a claim.
Insurance can be tricky, so if you still have questions, feel free to chat with an insureon agent.