What is Cyber Liability Insurance, and Do You Need It?


Cybercrime is widely prevalent. The growing reliance on IT systems and networks for storage, use and access has exposed critical data to cybercriminals who have become bolder and increasingly sophisticated. Although we most often hear about big corporations falling victim to cyberattacks, small businesses are the most vulnerable. Without big technology departments and IT staff, small businesses are most likely to need cyber liability insurance. This type of small business insurance will help you respond effectively to a cyber breach, cover your costs, and quickly move on. In this article, you’ll learn more about what cyber liability insurance covers, what it costs, what you will be required to do and where to purchase it.

Why Cyber Insurance is Important

Cyber liability insurance, sometimes short for cybersecurity, privacy, and media liability insurance, helps your company respond in the event of a cyberattack or data breach. For instance, cyber liability insurance can be essential if your network or computer systems are hacked into or corrupted by a virus.

While the primary protection against cybercrime is and always will be strong internal safeguards – limit access, strong passwords, regular updates to passwords and software – insurance coverage is an added layer of protection which enables the business to call upon the insurer when and if the primary measures fail. While Sony’s use case was dated almost a decade ago, it helps bring the point of having an insurance coverage into context.

Prerequisites to Ensure Your Claim

Cybersecurity policies can change from one month to the next, given the dynamic and fluctuating nature of the associated cyber-risks. Unlike well-established insurance plans, underwriters of cybersecurity insurance policies have limited data to formulate risk models to determine insurance policy coverages, rates and premiums. As such, a lot of things may fall into grey areas providing insurance companies with an opportunity to reduce the claim pay-out. In order to ensure your claim, it is essential to put up critical cybersecurity measures that will safeguard your data against common IT risks. These include;

  • Use strong passwords
  • Control Access
  • Put up a Firewall
  • Use Security Software
  • Update programs and Systems Regularly
  • Monitor for Intrusion
  • Train Employees

Furthermore, many cybersecurity policies exclude preventable security issues caused by humans, such as poor configuration management or the careless mishandling of digital assets. So before getting a cyber liability insurance policy, consider getting your networks and critical systems managed by experts.

Who Needs Cyber Insurance?

In today’s economy, almost every business should purchase cyber insurance. If you and your employees use a computer and share proprietary information, then cyber insurance is worth considering. Businesses that create, store and manage data online, such as customer contacts, customer sales, PII and credit card numbers, can benefit from cyber insurance. E-commerce businesses can also benefit from cyber insurance as downtime related cyber incidents can result in revenue and customer losses. Similarly, any business that stores customer information on a website can benefit from the liability coverage that cyber insurance policies provide.

Claims covered by Cyber Insurance

In the United States, almost all major insurance companies offer customers cybersecurity insurance policy options. Depending on the price and type of policy, the customer can expect to be covered for extra expenditures resulting from the physical destruction or theft of information technology (IT) assets. Such expenditures typically include costs associated with the following:

  • Meeting extortion demands from a ransomware attack;
  • Notifying customers when a security breach has occurred;
  • Paying legal fees levied as a result of privacy violations;
  • Hiring computer forensics experts to recover compromised data;
  • Restoring identities of customers whose PII was compromised;
  • Recovery of altered or stolen data; and
  • Repairing or replacing damaged or compromised computer systems.

Traditional insurance policies typically exclude cyber-risks, which has led to the emergence of cybersecurity insurance as a separate, stand-alone cover. Potential customers include any company that accepts digital payments or stores customer related data, including medical and financial information.

Claims Cyber Insurance does not cover

In addition to physical property loss, Cyber Liability Insurance does not cover social engineering attacks. What most companies are not aware of is, 70%-90% of all successful data breaches happen due to social engineering attacks. Furthermore, many insurance policies contain grey areas. Below you can see what they normally don’t cover.

  • Excludes Accidents and Errors but covers Attacks or Hacks.
  • They do cover costs imposed by law, but not total incident costs
  • Only the time of the network interruption is covered, but not the overall business disruption moving forward
  • They may exclude systems delivered by third-party service providers

As cybersecurity insurance is still new, policies vary widely from one provider to the next. To choose a policy, companies must closely review policy details to ensure it provides the required protections and provisions. In addition, companies must evaluate whether policies provide protection against known and emerging cyber incidents and threat profiles. To prepare yourself for buying cyber liability insurance call us now

Do you want to read more on this topic? Check out these articles:

Matt Parks

Matt Parks

About the Author: President & CEO, Matt has over 20 years building and leading high functioning teams
delivering exceptional results