Cyber liability insurance, also called cyber security insurance, protects small businesses from the high costs of a data breach or malicious software attack. It covers expenses such as customer notification, credit monitoring, legal fees, and fines.
Cyberattacks and data breaches are expensive and increasingly common. Small businesses often have weak cybersecurity, which makes them an attractive target.
A cyberattack isn't just an inconvenience – it can put you out of business. In fact, 60% of small businesses go under within six months of a cyberattack.
Cyber liability insurance coverage helps your business recover from financial losses caused by cyberattacks and data breaches. It can pay for credit monitoring, attorney's fees, fines, and other costly expenses.
Cyber liability insurance covers the costs associated with data breaches and cyberattacks, including the cost of recovering important data and hiring legal representation.
There are two types of cyber liability insurance coverage: first-party coverage and third-party coverage.
Most businesses need first-party cyber liability insurance to defend against their own cyber risks, especially if they handle personally identifiable information (PII) for customers.
Companies that are responsible for their clients' cybersecurity would need third-party cyber liability insurance to provide legal protection from client lawsuits.
This coverage can often be added to your general liability insurance. It’s recommended for professionals who collect sensitive information, such as customer credit card information.
Specifically, first-party cyber liability insurance can help cover:
If a hacker steals your private information about your company or its employees and holds them for ransom, cyber liability insurance will help with payments to meet cyber extortion demands.
When normal operations need to be halted to handle a cyber incident response, cyber liability insurance can help cover business interruption expenses, such as the cost of hiring additional staff or renting equipment. This includes purchasing third-party services, such as hiring a public relations or crisis management team.
State laws will typically require a response when a business is impacted by a data breach. Cyber insurance helps cover costs associated with hiring a digital forensic expert to investigate the breach, customer notifications, consumer credit and fraud monitoring services, as well as Payment Card Industry (PCI) compliance fines.
Third-party coverage offers liability protection and helps cover the cost of a lawsuit when a client sues your company for failing to prevent a breach or cyberattack at their company. This insurance is recommended for technology businesses who make software recommendations to clients or are responsible for their network security.
Specifically, third-party cyber liability insurance can help cover:
If a client sues your business for failing to prevent a data breach at their business, cyber liability insurance could help cover attorney's fees and other legal costs for your defense in court.
If your business faces a lawsuit from a client who experiences a data breach, you and the client could decide to settle out of court with settlements that would satisfy the damages they experienced.
If a client accuses you of being responsible for a data breach at their business and sues your company, you may be legally obligated to pay for damages from any judgments in the lawsuit.
Cyber liability insurance, sometimes called cyber security insurance, is a key policy for any companies that operate in cybersecurity, work in a cloud environment, or handle sensitive customer personal information, such as credit card numbers.
While any business can fall victim to a data breach or cyberattack, hackers will often target a few specific industries, including:
Cyber liability insurance for technology companies provides coverage for legal costs when a client sues for failure to prevent a data breach or cyberattack at their business.
For example, if an IT consultant leaves data for a small healthcare company unsecured on Amazon Web Services, and a cyberattack exposes hundreds of Social Security numbers and email addresses belonging to the company's customers, the healthcare company could blame the consultant and file a lawsuit.
The consultant's cyber liability policy helps pay for legal defense costs and the eventual settlement.
Cyber liability insurance for retail businesses helps provide coverage to recover after a cyberattack exposed your customers' personal data. It's recommended for any shop that handles credit card numbers or other sensitive information.
For example, an employee at your retail store accidentally opens an email containing a malicious computer virus. The virus encrypts data crucial to your business’s operations and demands a ransom for its retrieval.
Your cyber liability insurance reimburses you for the ransom and for the cost of hiring someone to look into the source of the attack.
Cyber liability insurance for healthcare organizations can help cover legal costs and provide essential resources, such as notifying clients or patients that their data was exposed, credit monitoring services for affected clients, and PR campaigns to restore reputation.
For example, if a doctor's office suffered a ransomware attack affected up to 100,000 patients, it could force them to lock their patient billing and scheduling software in order to investigate the breach and prevent further damage.
Cyber liability insurance would cover business interruption expenses while the facility works to re-boot and upgrade security on their system.
Cyber liability insurance for financial professionals can can cover legal fees and expenses while also providing vital resources to help recovery if they experience a cyberattack or data breach.
For example, if a tax preparer asks a client to upload a document with sensitive data online and that client data is stolen or compromised, the affected client might decide to sue the tax preparer to recoup expenses.
Cyber liability insurance can shield your business from legal expenses related to a data breach by paying for court costs and attorney fees.
While cyber liability insurance covers many aspects related to data being compromised by cyber threats, it does have a number of coverage exclusions. For example, it only covers data lost from a targeted cyberattack. It does not cover data lost from a power outage.
Other exclusions from cyber liability insurance coverage include:
While a cyber insurance policy covers data lost in a software attack, it does not insure data lost from accidental physical damage to a network or storage device.
Electronic data liability coverage expands your property damage coverage in a business owner's policy (BOP) to include a loss of data caused by accidental damage to a customer’s computer, hard drive, or other data storage equipment.
If you experience a data loss during a power surge, fire, or natural disaster, you would need electronic data processing (EDP) insurance. This coverage is typically bundled in a business owner's policy (BOP), and provides protection for data loss in your electronic data processing equipment, such as computers and backup systems.
Cyberattacks can happen when the network security at a business is not up to date, or the employees lack the training or knowledge to recognize phishing attempts, ransomware, and other cyber hacking red flags.
According to a recent report, 82% of ransomware attacks target small businesses. Many ransomware gangs are attempting to extort companies that are lucrative enough to pay a heftier ransom amount, but also small enough in size to make hacking attempts easier, as well as keep any media and law enforcement attention low during the fallout.
When a data breach or cyberattack incident occurs at a business, cyber liability insurance can help defray costs to the business and help a company to survive the breach.
Learn more about protecting your business from ransomware attacks and other threats.
Cybercrime is a multibillion-dollar industry. Security firms constantly struggle to stay one step ahead of hackers looking for lucrative victims. Even with careful security measures in place, catastrophic data breaches can, and do, occur.
Phishing emails, malware, security breaches, network security issues, and computer system breakdowns are just a few examples of the kinds of cyber risks that could cause serious liability or losses.
Learn more about what to do after a data breach.