What Does Cyber Insurance Cover?
Table of Contents
- By Rita
- Apr 08, 2022
There are numerous types of cyber-attacks, and they are an increasingly significant problem for all organizations. Many of these companies obtain cyber risk insurance to protect against some of the impacts of an incident. Companies and employees need to understand what cyber insurance is, who needs it, and what it covers.
What Is Cyber Liability Insurance?
Cyber insurance, also known as cyber liability insurance or cyber risk insurance, is designed to protect organizations from cyber threats in the digital age, such as data breaches or malicious cyber hacks.
A policy can help reduce business interference in a cyber incident and its after effects. It can also cover the potential financial cost of dealing with a cyber-attack and recovering from it.
Existing cyber liability insurance policies may provide some coverage of cyber risks. For example, some commercial property policies may help with some cyber threats.
Despite this, more and more businesses are taking up more specialized cyber risk insurance policies to complement their existing insurance arrangements, especially if they:
- Rely heavily on IT systems and websites for business operations.
- Possess sensitive customer details like names, addresses, and banking details.
- Process payment card information.
However, cyber risk insurance doesn’t protect against everything. An organization must understand what is covered and what isn’t covered when they sign up for a policy.
Even with cyber liability insurance, a business is still responsible for its cyber security. This responsibility isn’t shifted to the insurer when the company takes up a coverage plan.
Who Needs Cyber Insurance?
Every business needs cyber insurance, as almost every organization relies on technology to operate. Any business that operates online or is dealing with electronic data may benefit from cyber risk insurance.
Businesses that deal with large amounts of private personal data could also benefit significantly from cyber liability insurance. This information could include personal data of customers and employees, intellectual property, or financial data, all of which are potentially profitable to cybercriminals.
Hackers can also impair a network with ransomware. Having a cyber risk insurance policy covering ransomware could help organizations plagued with such attacks find a way out of the predicament.
What Does Cyber Liability Insurance Cover?
Generally, cyber risk insurance covers the losses arising from damage to or loss of information from IT systems and networks.
Usually, cyber risks are categorized as first-party and third-party risks. Insurance products exist to cover these types of risks.
First-party coverage pays out-of-pocket expenses that a firm directly incurs because of a breach. It may include:
- Cyber Extortion - This covers ransoms paid to cybercriminals who’ve breached a company’s computer system. The threat is usually to commit a despicable act like destroying data, infecting systems with viruses, conducting an attack, or revealing private information unless the ransom is paid.
These policies usually cover extortion payments made to the cybercriminals with the insurer’s consent and other related expenses like hiring an expert negotiator.
- Notification Costs - These policies cover the cost of notifying customers whose data has been affected by the breach.
Most states have laws that require businesses to inform individuals when their personally identifiable data is compromised. You may be liable for setting up a call center to provide credit monitoring services, and these policies may cover the cost of that.
- Data Restoration - Encompasses any costs related to restoring data or any software that may have been compromised during a hacking incident.
- Crisis Management - The cost of hiring experts in the field may be covered. These would all be potentially helpful in determining the extent of the damage, finding what information was compromised, helping reduce the loss, and aiding in any reputational damage.
- Loss of income and extra expenses - Covers any income losses that a business sustains and any additional costs it incurs to restore operations after a shutdown caused by a hacker attack, virus, or other covered online danger.
Third-party coverage applies to damages or settlements a business should pay due to claims or suits arising from the business’ actions or failure to act. It may include:
- Network security and privacy liability - Covers claims against the business resulting from negligent acts, errors, or omissions. It includes failure to protect sensitive information, failure to notify of a data breach, and failure to prevent a security breach that leads to a DoS attack or introduction of a virus.
- Regulatory proceedings - Covers fines or penalties levied on the business by regulatory agencies that regulate data breach laws. It also helps cover the cost of hiring a lawyer to respond to a regulatory proceeding.
- Electronic media liability - This insurance covers lawsuits against the business for libel, slander, defamation, copyright infringement, or privacy invasion.
What Isn’t Covered by Cyber Insurance?
As is the case with any insurance policy, there are exclusions in cyber policies that potential policyholders should note. Some of the things that a cyber risk policy doesn't cover include:
- Costs of improving your internal technology systems after a cyber incident.
- Potential lost profits in the future.
- Utility failure.
- Loss of value as a result of intellectual property theft from your business.
- Intentional dishonest acts by you, the insured.
- Bodily injury and property damage.
How Much Does Cyber Insurance Cost?
The cost of a cyber-risk policy usually depends on several factors like:
- The size of the business and its annual revenue.
- The industry the company operates in.
- The type of data that the company usually deals with.
- The overall security of the network.
A business with poor cyber security systems or a previous history of falling victim to data breaches would be charged more for an insurance policy than one with a good reputation for upholding security standards. On average, businesses pay about $1,500 for a 1 million policy with a $10,000 deductible.
Businesses in sectors like health and finance will usually pay more for insurance policies due to the sensitive nature of these fields and the number of personal records they deal with.
What Do I Need To Apply for a Cyber Liability Insurance Policy?
Cyber risk insurance isn’t a foolproof solution for all your cyber security problems. Your business may have to prove that it takes its cyber security seriously to get the best deal. Many insurers will not take on a customer that looks like they may be at great risk for a data breach.
Usually, when applying for a policy, insurers will ask to assess the cyber security your company has in place. You’ll be required to maintain accurate details about your cyber security as time goes on.
Policies are reassessed every 12 months. Even after getting a policy, you still need to maintain proper cyber security procedures or risk losing your insurance down the line.
You also have to understand the systems and data essential to your business and assess whether the level of coverage you get is adequate.
Deciding on the appropriate cyber liability insurance policy goes beyond the IT department. This is also a concern for upper executive management.
Unlike other incidents like fire or theft, cyber incidents are often spread out over the whole organization. You must have a great understanding of your organization’s operations and how departments intermingle to determine the extent of any incident.
It’s beneficial to invest in your business's cyber security, even if it has a cyber liability insurance policy.
What Is the Future of Cyber Liability Insurance?
The regularity of cyber-attacks is expected to remain a risk. Cybercriminals are also likely to become bolder with their schemes. As a result, the way cyber risk insurance operates will evolve.
Cyber insurers are unlikely to offer policies to organizations that pay little concern to their cyber security.
Paying out insurance policies is purely reactive and quite costly for insurance providers. Many insurers have now become focused on risk aversion. Not only do they offer payouts if a cyber attack should occur, but they are encouraging customers to take a proactive approach to cyber security.
The insurance industry evolved from a lender of last resort and payouts to a risk advisor and partner for your business operations.