Cyber Insurance Guide

Introduction to Cyber Insurance

The business world has changed a lot in the last decade or so, cyber security is arguably the most challenging issue facing companies today as the threat and potential impact of cyberattacks have grown exponentially. Any organization that uses technology to do business faces cyber risk. Larger organisations justifiable view cyber security nowadays as an essential - In recent months, Chipotle, Trump Hotels, Wendy’s, and Arby’s are just a few of the high-profile business who have made frantic calls to their cyber insurance agents. However, small and medium businesses wrongly believe they are not at risk because they are not big or important enough to be a target to hackers. Those businesses have a much harder time recovering from such incidents, and in many cases, the wounds are fatal. In fact, according to the government, 60 percent of hacked small businesses fold within six months.

What is Cyber Insurance

A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage keeps you and your business protected by mitigating risk exposure and arising costs involved with recovery after a cyber-related security breach or a similar event. The first thing that comes to mind when talking about Cyber insurance is a business liability coverage in case of a data breach in which customers’ personal information (Social Security or credit card, health records, account info) is exposed or stolen by a hacker. But it can be much more, as hackers become more and more creative, and value of the data increase.

When Cyber Insurance Applies

Hackers who want money usually target businesses who accept payments online or store personal information (are you reading this, doctors, lawyers, and accountants?)

Cyber security insurance protects and covers businesses against these hacks. It also covers for most security incidents caused by a hack, such as:

  • Data loss
  • Business interruption
  • Computer fraud
  • Loss of transferred funds, and
  • Cyber extortion

A word of caution: Your errors and omissions insurance is not cyber insurance, even if the E&O policy has a technology error rider.

Cyber Insurance Coverage

If hackers expose or steal personal information, such as Social Security number, driver's’ license number (in some states), address, and bank account information, a cyber liability insurance policy pays for:

  • Notification Costs: This expense is significant, because the company bears the burden of both identifying potential victims, which requires an internal investigation, and providing notification that’s reasonably calculated to give actual notice.
  • Credit Monitoring: In effect, your cyber insurance policy pays for victims’ insurance policies. Regulators usually dictate the kind of credit monitoring to provide, and it’s a safe bet they will not be satisfied with the cheapest available protection.
  • Civil Damages: Most of these liability lawsuits are class actions, which can mean tens of thousands of dollars in damages even for a very small company
  • Computer Forensics: This covers costs to hire computer forensics consultants working under the direction of your attorneys to determine whether a data breach occurred, to contain and prevent further damage, and to investigating the cause and scope of the breach.

Cyber insurance companies also have a duty to defend policyholders from related administrative actions or liability lawsuits. Additionally, most policies also provide resources that help policyholders design a cost-effective and robust security and data encryption protocol. To further minimize liability risk, consider addressing BYOD (bring your own device) procedures.

Cyber Insurance examples:

  • GOP data firm that exposed millions of Americans' personal information is facing its first class-action lawsuit, arguing that the "actual damages" exceed $5 million.
  • Yahoo is facing lawsuits from people who fear their accounts have been hacked and claim the company was "grossly negligent," putting their financial and personal data at risk. The lawsuit also allege that Yahoo did not adequately disclose the breach that exposed private information of at least 500 million users.
  • Three years after Neiman Marcus disclosed that it had become the victim of a hack attack in 2013, exposing the credit card information of more than 350,000 customers, the upscale retailer has reached a $1.6 million settlement in the subsequent class action lawsuit.
  • Target Corp has agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer's late 2013 data breach. This settlement  resolves class-action claims by lenders seeking to hold Target responsible for their costs to reimburse fraudulent charges and issue new credit and debit cards.

Cyber Insurance Cost

It’s best to shop for this type of insurance by coverage as opposed to cost. Risk and coverage amount are the two biggest factors in determining premium costs, As well as revenue and number of unique PII or PHI records stored or maintained on the insured's systems. Part of the liability risk comes from the type of information that the business has, since firms that do not handle personal information or online payments are less vulnerable to attack. However, most all firms deal with this data, at least to some extent. That leaves the nature of the business, which usually means the number of employees and the extent to which they work on unsecured networks. The current Cyber liability market is soft with many markets looking to write coverage, therefore creates broad terms and competitive premiums.

Just like risk changes over time, coverage needs vary as well. It’s often a good idea to work backwards in this area as well, and consider the maximum amount of money your business could pay and remain afloat in the event of a cyber liability incident. This exercise is not merely theoretical, because as mentioned earlier, if you have a business, you will probably be hacked and it will probably cost a lot of money.

Cyber Insurance: Summary/Takeaway

As recently as a few years ago, cyber insurance may have been an expensive luxury in many cases. Now, that’s simply not true. Largely because of advancing technology, hackers are much more active and much more sophisticated. If you expect to survive the almost-inevitable security breach, a good cyber insurance policy from a strong and experienced liability insurer is mandatory.

Before you even think about taking your company online in any way, shape, or form, give us a call or sign up here. Our smart, data-driven platform guides you through the process with no strings attached and our expert brokers can help you identify your risk factors, and the types and amount of coverage you need.

P.S. Check out our blog or our Insurance Guide Section to learn even more.