If you’re curious how Cyber insurance differs from Technology Errors & Omissions coverage, click here.
Cyber insurance is everything, but the definition is seldom agreed upon. That means that if you ask five different people for their definition, you may get a few different version. From an insurance point of view it means this:
- First-Party Expense Coverage
- Third-Party Liability Coverage
First-Party Expense
Before we jump into liability coverage, let’s unpack what we mean by First-Party Expense. Put simply, any expense that you incur as a result of a Cyber event would be considered First-Party Expense coverage, subject to the terms and conditions of your policy. Things like notifications sent to affected and potentially affected parties of the breach required by state law or statute; Credit monitoring costs; retaining a Public Relations firm to help you craft a response to the general public; hiring a Forensics company to research the event and evaluate its scope; costs associated with recreating lost or corrupt data.
And we haven’t even touched the elephant in the room: Ransomware. More and more policies are including coverage for Cyber Extortion expenses associated with a bad actor infiltrating your systems and encrypting your data, holding it for a Ransom. This ransom is usually requested in Bitcoin so there’s additional expense associated with obtaining the requisite digital currency.
What about if the Cyber Event interrupts your normal business operations? Are your systems/applications hosted on premises or with a Cloud Service Provider? If your business is interrupted, it may affect your ability to generate revenue during the outage causing a Business Income loss. Every minute is valuable and getting back online as soon as possible is the goal.
Third-Party Liability
Now that we’ve touched upon expenses you may incur as a result of a Cyber Event, what about damages to 3rd parties that you may have caused? Wait a minute… You’re saying that if my systems are compromised by someone else that there’s a way for me to be responsible for damages to a 3rd party? Absolutely. If you hold Personally Identifiable Information (PII) during the course of your business, or if you provide a Professional Service related to securing someone else’s network then a breach in that security could fall back on you. Back to the Cyber Event from earlier. If your systems are down, and you host a Software-as-a-Service platform for your customers, and they’re not able to access said system that they’ve paid you for… See where this is going? If that customer relies on your SaaS product to conduct their business, and they can’t access it, you may have inadvertently interrupted their operations as a result.
Or if you’re a retail operation that stores PII on behalf of your customers, what happens if your systems are breached and that information is stolen? If your customers were to suffer damages associated with Identity Theft you may be found liable for said damages resulting from a failure of yours to protect that information.
Cyber Insurance can also cover things like allegations of Copyright or other Intellectual Property infringement in the course of your business operations; or even Personal & Advertising Injury stemming from things like libel, slander, false advertising, etc.
Now more than ever, businesses of all shapes and sizes will come to rely on Cyber Insurance as more and more operations are taken online. For two years in a row, business owners have named Cyber as their Number One fear-driver leading to decision making. And Cyber events show no sign of slowing down. Ransomware is said to attack a new target every 14 seconds. You’ve been reading this article for, say, five minutes now. That equates to roughly 20 attacks since you’ve started. That’s a lot!
Is your business protected from this growing threat? We can all agree that if you’re not, you should be.