As a risk manager, my job is to look into the future and tell my clients where I see potential for loss.
Easier said than done, but at least I have some data to rely on when having these conversations. For instance, a study performed by Hartford Insurance and published in 2015 said 40 percent of small businesses will experience a property or liability loss over the next decade. We know from industry benchmarking that upward of 90 percent of U.S. businesses purchase property and liability insurance.
What about other threats to your business, like a data breach for example? According to a survey conducted in 2015 by Nationwide Insurance, 63 percent of small business owners admit to being victims of at least one type of cyber-attack. Now compare that to the fact that only 3 percent of small businesses purchase cyber liability insurance. What could be driving this disparity? Let’s take a closer look to help determine why businesses are left over-exposed to this risk and what cyber insurance coverage can do to protect your company.
What is cyber liability insurance?
As the name suggests, this is a coverage meant to protect your business from third party liability resulting from a data breach. Don’t just think of a hacker across the world trying to infiltrate your system; the threat can actually be much more mundane. Say, for instance, a company laptop containing sensitive information disappears from the backseat of a car. Even simpler, what about a printed database of vendor information that goes into the trash instead of the shredder? Both examples represent a common way that companies inadvertently expose themselves to a liability from a third party whose confidential data is not protected adequately.
Cyber insurance doesn’t just protect you against third party claims; it can also protect your business as a first party claimant for things such as business interruption, damaged equipment, cost to recover data, lost reputation, fraudulent wire transfers and cyber ransom payments, to name a few.
Many businesses assume that their general liability policy provides coverage for data breaches and the ensuing damages referenced above. While some general liability policies might provide coverage for a small fraction of cyber-related losses, that coverage is extremely narrow in scope and usually does not extend limits high enough to make your company whole after a loss.
Another common thread is the notion that your third party IT services firm is on the hook for data that is lost. In fact, you are legally liable for keeping that data safe whether it’s your physical server that is compromised, or the cloud server hosted by a third party.
What about the idea that your business is too small to be a target of cyber-crime? Your business might actually be an easy target with limited resources to invest in cybersecurity software and employee training. Cyber criminals will look for any open door, regardless of the size of the target. Keep in mind that most losses are not caused by a sophisticated attack, but rather simple employee mistakes such as misplaced mobile devices, laptops or paper records, and opening unauthorized emails.
Weighing the costs
One possible reason for the lack of engagement with cyber liability insurance products is that business owners don’t yet realize the potential for a cyber liability loss to decimate their company. Furthering the problem, many insurance agents are not yet comfortable advising clients on the topic.
You don’t have to be a techie to see the potential for devastating losses though.
The Ponemon Institute, a research center dedicated to privacy and data protection, reports that the average cost to small businesses after a hack stands at $690,000 ($1 million for middle market companies). That being the case, it’s no wonder that 60 percent of small businesses are forced to cease operations within six months of a cyber-attack, according to the U.S. National Cyber Security Alliance.
The premiums associated with a cyber liability policy vary widely depending on several factors, including the nature of your business, number of employees, existing network security, type of data, privacy policies, revenues and much more. In general, business owners will find the cost of a comprehensive cyber liability policy to be reasonable in comparison to other coverages. A discussion with your insurance agent on this topic is critical and will yield a more specific premium range for you to perform your own cost benefit analysis.
When advising my clients on these matters, I remind them that the impact of a cyber-attack can be just as damaging to your business as a fire in the warehouse. What’s the big difference? Only a handful of small businesses purchase insurance to protect against both of those events.
What can cyber liability insurance do for your company?
Coverage forms have evolved significantly to address the myriad of liabilities promulgated by a cyber-related loss. In the event of lost or stolen personal information, a robust response might include a forensic investigation to determine the source of a breach. Notifications will be sent to victims and a breach coach is often assigned to determine applicable laws and advise how to proceed.
The response might also include coverage for a public relations firm to help ease the impact to the reputation of your business. The cost of credit monitoring services for victims can also be included in coverage forms. Last but not least, damages and defense costs associated with third party claims for lawsuits brought against your organization can be included in policy limits.
Coverages are adapting as quickly as possible to address other areas of exposure, such as ransomware. Ransomware is a particularly insidious form of cybercrime that holds all information on your hard drive hostage. In a nutshell, victims are left with the decision to pay a fee or lose their data. The actual ransom amount can be covered under a cyber liability policy, along with business interruption coverage to reimburse your company for lost profits during the period your system is impacted by the threat.
Given the increasing prevalence of cyber liability threats and their significant potential for harm, now might be a perfect time to explore how a cyber liability insurance policy can protect your business.
–Nelson Aldrich is an insurance broker with WISG Insurance, headquartered in Turlock.