Cyber Insurance for Businesses
A cyber insurance policy is a type of insurance coverage that is designed to help businesses mitigate the financial impact of a cyber-related security breach or other type of cyber-attack. These policies typically provide coverage for a range of costs associated with responding to and recovering from a data breach or other cyber incidents.
Understanding the Types of Cyber Insurance Coverage
Many types of cyber incidents can be covered in a cyber policy, from funds transfer fraud to ransomware attacks or phishing emails. There are also first-party and third-party coverages available. First-party coverage reimburses the insured company for the financial losses and expenses it incurs as a result of a cyber-crime. Third-party coverage is for the damages owed due to liability to others (clients, employees, vendors) because of your company’s negligence or lack of security that contributed to or permitted the attack to occur.
a) Notification costs - These are the costs associated with notifying affected parties, such as customers or employees, of the data breach or other incident.
b) Forensic investigation costs - These are the costs associated with determining the extent of the data breach or other incident, including forensic investigation and analysis.
c) Legal and regulatory expenses - These are the costs associated with legal and regulatory proceedings related to the data breach or other incident.
d) Business interruption losses - These are the costs associated with lost income or revenue as a result of the data breach or a denial of service attack when a website is shut down.
e) Data recovery costs - These are the costs associated with recovering lost or stolen data.
f) System damage - These are the costs associated with a cyber-attack that physically damages computer hardware, also termed “bricking”. Bricking is a term used to describe the loss of functionality or use of hardware, such as servers or other computer systems, due to a hacking event. In some cases, the hardware may be damaged beyond repair or may be considered untrustworthy even after the malicious software has been removed.
g) Public relations expenses - These are the costs associated with managing the company's public image and reputation in the wake of a data breach or other incident.
Third-Party Cyber Coverage:
Also known as Information Security and Privacy Liability, this coverage applies to the insured's liability for damages resulting from a data breach, which can occur in a variety of ways. A company can be liable to others for damages when these occur:
a) Loss, theft, or unauthorized disclosure of Personally Identifiable Information (PII) in the insured's care, custody, and control - This can occur when an employee's laptop is stolen, for example, or when a hacker gains access to a company's database.
b) Damage to data stored in the insured's computer systems belonging to a third party - This can occur if a company's system is hacked and data belonging to a customer or partner is damaged or destroyed.
c) Transmission of malicious code or denial of service to a third party's computer system - This can occur when a company's system is used to transmit a virus or other harmful code to another system.
d) Failure to timely disclose a data breach - This can occur if a company does not promptly notify affected parties of a data breach.
e) Failure to administer an identity theft program required by governmental regulation or to take necessary actions to prevent identity theft - This can occur if a company fails to comply with regulatory requirements related to identity theft prevention.
Costs Associated with Business Data Breaches
Cyberattacks and data breaches are expensive. Small businesses don’t usually have enough effective security protocols set up to prevent attacks, which makes them desirable targets to criminals. Many risks associated with data breaches can cause long-term harm.
- Revenue Loss – Cyber business interruption coverage is designed to provide financial protection to a business that experiences a disruption or loss of income as a result of a cyber event. It covers the net profit that the business would have earned if the event had not occurred. The coverage typically applies to both direct losses, such as lost revenue and extra expenses incurred during the period of interruption, as well as indirect losses, such as lost income resulting from damage to the business's reputation or customer relationships.
- Damage to Brand Reputation - A security breakdown may affect your short-term revenue, but the long-term standing of your brand name may also be put in jeopardy. Customers care about the security and privacy of their data and breaches often involve customers' PII. Potential clients are hesitant to trust a company with a history of data breaches.
- Loss of Intellectual Property - Hackers are known to target technology businesses that hold valuable intellectual property. Even the manufacturing and construction industries are susceptible to these dangers. The loss of intellectual property can affect the business's competitive standing. Unscrupulous companies may use stolen information.
- Notification and Legal Cost - If personal data is compromised in the breach, businesses may be required by law to notify affected individuals and regulators. This can be a complex and expensive process, especially if the breach affects a large number of people. Businesses may also face legal costs, such as fines and penalties, as well as potential lawsuits from affected individuals.
- Future Cyber Insurance Premiums - Finally, businesses that have experienced a data breach may face higher premiums for cybersecurity insurance in the future, making it more expensive to protect themselves from future attacks.
Cyber Insurance Cost
The cost of cyber insurance varies based on many factors: your industry, the number of PII records stored, the cyber security protocols in place, the types of coverage purchased, and the limits purchased. The deductible amount can also affect your premium.
The median cost of cyber insurance for small businesses is $140 per month (or $1,675 per year). The median excludes high and low outliers, providing an average estimate of what your small business is likely to pay.
Cyber insurance policies vary widely in terms of the coverage they provide, so it is important for businesses to carefully review and understand their policy before purchasing it. Additionally, businesses should work with their IT staff to develop a comprehensive cyber security plan that includes preventative measures, such as employee training and network security protocols, as well as incident response procedures.
Frequently Asked Questions about Cyber Insurance
1. What can a cyber insurance policy cover?
In addition to legal fees and settlement expenses, cyber insurance coverage typically also assists with the following:
- Data breach notification costs
- Crisis management expenses
- Business interruption
- Computer and funds transfer fraud
- Extortion and ransomware payments
- Data recovery and restoration expense
- Regulatory fines and penalties
2. What does cyber liability insurance cover?
- Media liability
- Privacy and Information liability claims and lawsuits
- Defense cost for privacy liability lawsuits
- Payment Card Industry (PCI) fines and penalties
- Negligent transmission of a computer virus/worm or malicious code
3. What doesn't cyber-attack insurance cover?
Cyber liability insurance can cover significant costs relating to data compromised by cybercrime, yet it does have several exclusions. For example, data or information lost from a targeted cyberattack is covered, but data that is lost due to a power outage is not covered.
Other exclusions from cyber risk insurance coverage include:
- Bodily injury liability
- Property damage liability
- Data loss caused by errors or mistakes
- Dishonest or improper conduct
- Acts of war
- Failure of infrastructure
4. What is data breach insurance?
Data breach insurance, formally known as Privacy and Information Security insurance, can compensate businesses for the expenses related to a data breach. These expenses can include first-party payments for notification expenses, fines, system restoration costs, ransomware demands, and lost business income.
This insurance includes coverage for third-party liability, for suits brought by customers, employees, or vendors when their Personally Identifiable Information is stolen or hacked.
5. How much cyber insurance do I need?
Cyber insurance limits can range from $100,000 up to $1,000,000 per occurrence with annual aggregates of twice those amounts. The limit should be chosen by the policyholder, as only they know the extent of records and potential liability they could incur from a data breach attack.
6. What is bricking in cyber insurance?
Bricking coverage covers the cost to replace computer and electronic hardware that’s damaged or rendered inoperable due to a cyber-attack.