Cyber Insurance: Liability, Programs, Costs & More
January 25, 2021
What is Cyber Liability Insurance & Who Needs It?
Virtually every business today relies on electronic systems to run its operations. Headlines may sensationalize cyber-attacks on government and large corporations. But small companies also share risks of data breaches, cyber-attacks, viruses, ransomware, and more, with roughly half of all data breaches are on business entities. Reports and claims activity indicate that the number and intensity of cyberattacks is a growing problem affecting companies of all sizes.
Severe financial and reputational losses can occur from network breaches if a virus or ransomware corrupts them. These are circumstances where cyber liability insurance is necessary to protect against such events. Small businesses that lack large IT departments and deep tech staff have the greatest need for cyber liability insurance.
Types of Cyber Insurance
A typical example of how small and mid-size businesses protect themselves with cyber insurance risk management services is bundling their cyber liability coverages. Because cyber liabilities affect companies in different ways, Victor Insurance Managers, whose listing is in the Program Business directory, breaks out coverage proposals for its insureds into these categories or bundles of cyber liability insurance:
● Breach Liability covers many third-party cyber liabilities, including:
o Privacy Liability covers loss claims from third parties resulting from a breach of protected information such as confidential corporate information, in the form of Non-disclosure Agreements (NDAs), credit card, and password details.
● Privacy liability risks cover the security liability of networks owned or operated by the insured. Third parties may claim harm due to unauthorized access to the network that resulted in cyber breaches that exposed their protected information.
● Website Media Liability: Like advertising liability in a standard General Liability policy, this coverage protects risks from third-party claims of loss relating to personal, advertising, copyright, and trademark infringement when content is posted on either the insured's website or its official social media platform.
Regulatory Proceeding: Helps cover the losses in the form of fines and penalties assessed by a governmental regulatory agency due to a data breach.
Payment Card Industry: Businesses are liable for penalties and assessments from the payment card industry (PCI) because of a data breach to their networks or computer systems. The coverage helps to pay for losses to reimburse banks or merchants for card re-issuance, chargebacks, credits issued, and so forth.
Breach Rectification provides coverage to help pay for losses and costs incurred by insureds when responding to data breaches:
● Data Breach Team: Covers the costs to respond to a data breach, including a breach coach who will coordinate the response, forensic expenses, notification expenses to comply with data regulations or voluntary as recommended by the coach, credit card monitoring, and similar credit protection services.
● Business Interruption: Addresses loss of insured income and additional expenses when the insured's computer system sustains a detectable interruption.
Digital Asset Loss: Addresses the costs incurred by an insured to restore digital assets following a covered corruption event.
Addresses a host of perils and losses related to cybercrimes:
● Cyber Extortion: Provides funds to cover extortion payments or expenses from a cyber demand.
● Electronic Transfer Fraud: Covers loss of insured funds from the insured's account resulting from corrupted or compromised wire transfer instructions.
● Deceptive Transfer: Commonly referred to as "social engineering" losses or confidence scams, where the insured enters wire transfer instructions due to the deception of a third-party via electronic contact (primarily email).
Telephone Toll Fraud: Covers loss where an insured's voice over IP system has been compromised and directed to call high-cost toll numbers.
First-Party Liability Coverages
Businesses that use a network or computer system to safeguard sensitive information, such as credit card and Social Security numbers, drivers licenses, passwords, or valuable confidential information, need cyber liability insurance. The coverage helps pay for losses resulting from a cyberattack or data breach that impacts the business. First-party liability is the cyber equivalent of commercial property protection for the business's structures and property.
Third-Party Liability Coverages
Should a business cause errors or make mistakes in how it stores or manages customer data or uses technology to service its clients is liable if their clients suffer losses because of having valuable data compromised while stored on the insured's systems or computers. The insurance policies that protect them are known as third-party liability coverage. This type of insurance is comparable to a general liability policy. It insures the business against customers and third parties’ claims for its losses.
Data Breach Examples
Here are some common ways in which data breaches can occur:
● An electrical outage or power surge damages or destroys a network or computer system.
● A virus or spyware infects the computer system.
● The business is locked out of access to its data due to a ransomware attack.
● A well-meaning person accidentally destroys or loses valuable data.
● The network and computer systems are taken offline due to a distributed denial of service (DDoS) attack.
● An employee or service contractor accidentally or maliciously destroys equipment or data.
Hackers steal confidential information.
Cyber Liability Insurance Costs
Because cyber liability covers businesses large and small, there is no one price fits all scenario. In general, the premium for an annual cyber liability policy can start as low as $500 to more than $50,000. The business's size and nature are significant determinants in the coverage cost.
Companies that operate online have greater exposure to cybercrime than small businesses that primarily work from a physical location. Claims history is a factor in costs. The level of technological complexity is a consideration as well. Where data is stored on cloud servers, on local servers, and the type of data stored and manipulated are considerations.
Cyber liability insurance programs have a higher cost than other types of liability because settling claims has a history of being overly expensive in many cases. Consider that the work necessary to remedy losses due to cyber liability claims is complicated. Typical claims can involve replacing, or repairing software and hardware, paying legal fees and settlements, managing reputational damage to the business or its clients. Any of those items can escalate the final costs of settling claims.
Best Cyber Liability Insurance Programs
When you are looking for expertise to help provide the right cyber liability insurance at competitive prices, the Program Business directory is the place to start. With a quick check there, you will discover Victor Insurance Managers Inc. (fka Victor O. Schinnerer & Company, Inc.) It is one of the largest and most experienced underwriting managers of specialty insurance programs globally. At Victor, underwriting management has been a distinct discipline for over 60 years. Victor's Cyber policy is developed with your clients' needs in mind. Its program offers a sophisticated cyber insurance policy that is customizable for small and mid-size companies, yet scalable to meet larger organizations' needs.