Cyber liability insurance: Do clients know the cost of ignoring it?
By Justin R. Brown
So what does cyber liability insurance cover? Each insurer does things a bit differently, but here are the six key coverage areas that seem to be consistent from company to company.
It seems you can’t pick up a newspaper today without reading about yet another organization’s computer system getting attacked. It is happening to banks, retailers, businesses of all sizes and even nonprofits. Sometimes the crime is committed by a hacker who has broken into a company’s computer system and illegally accessed private data about clients, employees and donors. Sometimes private data is compromised when an employee’s laptop is lost or stolen.
No matter what the cause, your clients and prospects need to know that the best way to protect themselves from an attack labeled as a cyber crime is with cyber insurance. The product offers protection from exposures found online, taking into account first- and third-party risks.
First-party risks pay to help the insured recover from a covered claim or failure of security. Third-party risks cover losses resulting from breaches in network security or unauthorized access events. It is important to point out that cyber insurance is necessary in this day and age, as the standard property and liability insurance policies that most companies carry will not cover losses attributed to cyber crime.
So what does cyber liability insurance cover? Each insurer does things a bit differently, but here are the six key coverage areas that seem to be consistent from company to company:
Business interruption: If a business lost revenue due to a short-term or long-term shutdown caused by a cyber attack, the insurance policy will reimburse the company for its losses.
Data loss and system damage: While standard policies will cover the cost of replacing a machine if it is lost or stolen, companies will not be reimbursed for the lost data. Cyber insurance, however, will cover the cost of those losses. Notification expense: Companies must notify customers, vendors and others of the possibility their private information has been compromised. Typically, a company will offer to cover the cost of credit monitoring for a set period of time.
Content liability: This coverage protects the company from claims filed for everything from slander to invasion of privacy if the content on a blog or website is compromised.
PR/crisis management: Your client may need to hire a PR firm to do some crisis management to protect their brand in the aftermath of a breach that has compromised the security of customer and vendor information.
Regulatory, forensic and investigation expense: With new notification laws enacted and privacy legislation constantly changing, your client could end up being contacted by a government official who wants to do an investigation. Cyber insurance will cover the costs involved.
The cost of a policy will vary based on the type of business, the sensitivity of the data in your client’s possession, the controls in place and the limits of coverage they select. Premiums can be as low as $1,500 or as high as a few hundred thousand dollars per year. There are no limits to the amount of coverage a company can purchase. Considering the Cost of Cyber Crime study done last year by the Ponemon Institute, an independent research firm, found that the costs of cyber crime range from $1.5 million to $36.5 million per company, that’s a bargain.