What is cyber liability insurance?

Cyberattacks and data breaches are expensive and increasingly common. Small businesses often have weak cybersecurity, which makes them an attractive target.

A cyberattack isn't just an inconvenience – it can put you out of business. In fact, 60% of small businesses go under within six months of a cyberattack.

Cyber insurance coverage helps your business recover from financial losses caused by cyberattacks and data breaches. It can pay for credit monitoring, attorney's fees, fines, and other costly expenses.

Cyber liability insurance is a key policy for companies that handle credit card numbers, work in the cloud, or operate in cybersecurity.

Hackers often target retailers, healthcare organizations, and financial service providers, but any business can fall victim to a data breach.

Cyberattacks are expensive and can take a long time to resolve. A study by IBM and the Ponemon Institute put the average cost of a data breach at $3.86 million. The average time to identify and contain a breach was 280 days.

A cyber insurance policy can pay for:

• Mandatory notification of affected parties. Failure to do so could result in steep fines and penalties.
• Investigating and fixing security flaws.
• Several years of credit monitoring services for affected customers.
• Loss of business opportunities. You might need to hire a public relations firm to help manage any reputational damage.

There are two types of cyber liability insurance:

• First-party coverage helps cover expenses when your systems or network are breached or your data is stolen.
• Third-party coverage offers protection when a client sues your company for failing to prevent a breach at their business.

First-party coverage involves the costs that directly impact your business. It helps cover expenses when your network is hacked or your data is breached. It can help defray the costs of notifying customers and paying for credit monitoring services to those affected.

This coverage, sometimes called data breach insurance, can often be added to your general liability insurance. It’s recommended for retailers and other professionals who collect customer credit card information.

First-party cyber liability insurance can cover:

• Cyber extortion payments
• Hiring an expert to investigate the breach and assist with regulatory compliance
• Notifying affected customers
• Customer credit and fraud monitoring services
• Crisis management and public relations
• Business interruption expenses, such as the cost of hiring additional staff, renting equipment, or purchasing third-party services

Third-party coverage is for claims made against your business by injured parties. It provides liability coverage if a client blames you for failing to prevent a data breach or cyberattack at their company. This could include the cost of legal defense and settlements.

This insurance is recommended for tech professionals, such as an IT consultant who makes software recommendations to clients. If the software they recommend is later responsible for a client's data breach, third party coverage will help cover the cost of a lawsuit.

Third-party cyber liability insurance can cover:

• Legal defense costs
• Settlements if you and the client settle out of court
• Judgments you're legally obligated to pay after a data breach
• Other court costs

Third-party cyber liability insurance can be bundled with your errors and omissions policy. When combined, these two coverages are known as technology errors and omissions insurance, or tech E&O.

Verizon’s Data Breach Investigations Report found that 28% of data breaches involved small businesses. The report also revealed:

• 70% of data breaches were caused by outsiders
• 86% of attacks were financially motivated
• 43% of breaches occurred through web applications (a rising trend)
• 27% of malware incidents were related to ransomware

Nearly a third of data breaches in 2020 involved small businesses, yet 43% of small businesses don’t have any kind of cybersecurity defense plan and only 16% think they are at risk of an attack.

The coverage included in cyber liability insurance defrays these costs, allowing your company to survive a breach.

Cybercrime is a multibillion-dollar industry. Security firms constantly struggle to stay one step ahead of hackers looking for lucrative victims. Even with careful security measures in place, catastrophic data breaches can, and do, occur.

Phishing emails, malware, security breaches, network security issues, and computer system breakdowns are just a few examples of the kinds of cyber risk that could cause serious liability or losses.

Here are a few recent examples:

In December 2019, Wawa disclosed that hackers breached its credit and debit card payment systems at all 860 convenience stores. A month later, hackers put the payment card details of more than 30 million Americans for sale on an Internet forum for credit card fraud.

In March 2020, Marriott International announced that the personal information of approximately 5.2 million guests was stolen. This included names, addresses, phone numbers, email addresses, and dates of birth.

In July 2020, hackers used the Twitter accounts of some of the most famous people in the country to tweet requests for bitcoin donations to anonymous addresses. They received more than 400 responses and stole bitcoin worth $121,000.

In November 2020, the gaming company WildWorks announced a data breach in its kid’s game Animal Jam that resulted in the theft of more than 46 million users' information.