Cyber liability is not a standard insurance product. Often, it will be tailored to meet a business' unique needs, but it protects against two types of risk – first-party and third-party risks.
From a first-party standpoint, it will cover things like crisis management, hiring a public relations firm to manage a data breach incident, costs associated with forensic analysis, the cost of repairing and restoring computer systems if there is a virus that destroys business software and data, and the loss of business income resulting from a data breach.
Yet many businesses seem confident in the firewalls and virus protections they've already invested in, and thus they view cyber liability coverage, also known as Internet liability or network and information security liability coverage, as a luxury. However, many industry experts disagree with that and term it overconfidence.
As businesses and individuals navigate this shifting online risk landscape, they face a range of evolving challenges including social media related liabilities. these arise in the form of privacy, security, intellectual property and employment practices liability.
Meanwhile, amid a rising number of high profile data breaches, government is stepping up its scrutiny of cyber security. This is leading to increased calls for legislation and regulation, placing the burden on companies to demonstrate that the information provided by customers and clients is properly safeguarded online.
Despite the fact that cyber risks and cyber security are widely acknowledged to be a serious threat, a majority of companies today still do not purchase cyber liability insurance. However, research indicates that this is changing, according to the III.
Insurance has a key role to play as companies and individuals look to better manage and reduce their potential financial losses from social media and cyber risks in future.
The cost of this insurance has started to come down, which might to increase the likelihood of businesses taking tjhe leap toward coverage, but many businesses still consider it too cost-prohibitive.
But then every costly cyber crime that exposes a company to financial loss – sometimes catastrophic loss – brings closer the day when this type of coverage will be an annual cost of doing business for even non-regulated organizations. Many businesses without an internet-based sales presence wrongly believe they are exempt from cyber crimes.
Third-party risks exist for any business. Any business that collects protected health information or personally identifiable, non-public information like bank account numbers, credit card numbers, or Social Security numbers, has an insurable risk. Most states have a data breach notification law, and there are a number of federal regulations, and both state and federal statutes are a source of claims.
And most importantly, whenever there is a data breach incident, a business is required to comply with state laws in addressing the breach and notifying potential victims. The aftermath many times involves setting up identity theft monitoring services for potential victims of identity theft caused by the breach... whether it was actually breached or not is beside the point.
One of the biggest risks for a company is unauthorized access from a virus, allowing a third-party to breach the system.
Some cyber liability policies not only cover damages, they pay for defense costs. The classic example of where this would apply is the infamous TJX Companies incident, where the owner of T.J. Maxx and other retail brands had more than 46 million credit card numbers stolen from one of its systems over an 18-month period. The company had more than $9 million in settlement costs, not to mention the third-party lawsuits from the people whose information allegedly was breached. The level of protection for people's credit card information depends on the encryption technology of the credit card providers, and the authentication measures they take.
Cyber Liability Insurance Details
Since cyber liability insurance is not a conventional insurance product, its pricing can be very broad, making comparisons among products difficult and confusing. Its important to note also that premium is based on the sales of an organization... the more a company sells, the more exposure; the more exposure, the larger the premium.
The market is ever changing but in today's market, the typical premium would be $1,500 a year for cyber liability coverage.
Pricing depends on what's included in the insurance package. Some standard carriers are coming out with coverage forms. Insurers have not all acted to fill this market so there is industry reluctance as well.
Some policies offer less bells and whistles, and most provide stronger first-party coverage with more limited third-party coverag. Few policies provide coverage for information that is in a non-electronic format, so in cases of pharmacies that haven't made the entire transition to electronic medical records and still has legally protected health information in paper files would carry considerable risk.
Smart business organizations have well- developed and well-communicated policies and practices in place to prevent a data breach from occurring. They also should have developed a crisis management process that governs what to do in the event the unthinkable happens, which is where pieces of cyber liability insurance come into play.
When a data breach occurs, an insurer typically works with the client to find out what has transpired, the cause of the breach, and the impact on the business and its reputation. This claim process can take much longer than most.
Cyber liability is not something that has a definable timeline like a flood that interrupts business operations. It's a claim that could evolve over a much longer period of time.
