Cyber attacks such as ransomware will cost individuals and businesses $265 billion (USD) annually by 2023 (and that's just one slice of the cyber liability pie). Today, with everyone using their phone or computers, there's every reason to have an insurance policy to protect your assets. Cyber Liability Insurance protects your business from financial losses due to data breaches, malicious cyber attacks, and other cybercrimes. From small to large businesses, this policy is designed to defend your company if an attack compromises financial, sensitive company, and customer information.
Picture this - you've started or built a business that is generating revenue. You have employee's, money going in and out of your systems, and you have happy customers. One day you walk in the office and the funds in your company bank account are significantly lower than you remember. Turns out, an employee with access to your bank account clicked a link in an email and a hacker stole your companies funds.
Also known as cyber risk insurance or cyber liability insurance, this insurance product pays the costs associated with lawsuits when your business is targeted in a cyber attached, as well as the expenses associated with other victims involved. It basically pay to defend you and covers the financial losses that are compromised.
Cyber insurance was developed decades ago when the internet was born as a way to protect online content or software. After more and more companies relied on technology to store and process sensitive data, insurance carriers developed new policies to protect business owners and their customers.
Packaged with safeguards such as data back-ups, multistep verification, and cyber security software, a cyber liability policy an amazing tool to have when an attack happens. As the world becomes more dependent on their technology, and as bad players become better at breaching security, a cyber policy should considered.
Cyber insurance can protect a myriad of situations and are usually custom-designed for your business. Every insurance carrier has their own set of coverage and exclusions, so it's important you work with an advisor to analyze your business. Further, if your business is part of an emerging industry such as HealthTech or Blockchain, it's even more important to review coverage as traditional policies limit coverage for new risks.
At it's core, a cyber liability policy defends your business if it is attacked and sensitive information is compromised, or company funds are stolen. Your cyber insurance will cover the services and expenses to recover this information or money. In addition, it will pay for legal fee's and settlements if a situation reaches the courts.
Most cyber policies have two layers - first part and third party. A first party is an attack on your businesses computers or systems, a third party is an attack on your client, partner, or vender system (if you are hosting or responsible for maintaining their data).
When an attack happens, there's a lot of unexpected costs. Below are a few common examples of costs that are covered by your cyber insurance:
- Lawyers & Legal Fee's
- Forensic Analysis and Investigative Support
- Data Loss, recovery, and recreation
- Loss of Revenue and Business Interruption Expenses
- Loss of Funds
- Computer Fraud
- Credit Monitoring Services
- Cyber Extortion
- Breach Notification Support
- Crisis Management and Customer Support
Your cyber insurance company also has a duty to defend policyholders from related administrative actions or liability lawsuits. If your business is storing sensitive customer data or employee information, the privacy liability layer will defend your business from lawsuits. It also protects your business if you've violated privacy laws.
ADVISOR TIP: you may have the option to package your Errors & Omissions, or Technology E&O, with your Cyber Insurance. This is a complementary policy with cyber as it protects your business if your technology is providing advice or professional services.
Your insurance policy is a legal contract between the insurance company and your business. When the unfortunate occurs and you need to file a claim, everything that is or isn't covered will be mapped out in your policy. Each insurance company writes their cyber insurance policies differently, however, they all include similar layers (ie, coverage sections). Your advisor will go over each section in detail and explain the ins and outs of each layer, so don't worry about being an expert on any of this.
Generally speaking, a cyber insurance policy can have the following layers of coverage:
- Network Security: In the event of a security failure, including data breach, cyber extorsion, data restoration, and ransomware, your Network Security will provide coverage. This includes first party costs (ie, your businesses financials or data) and typically includes legal expenses, forensics, breach notification, and public relations.
- Privacy Liability: Perhaps the most widely known cyber event, Privacy Liability protects your business from a cyber attack involving customer or client data such as personal information like social security, financial information, and other sensitive data you manage.
- Business Interruption: If your business relies on technology or data, especially if this is your main source of revenue, then you cyber insurance will be a huge benefit if a breach occurs. Network Business Interruption coverage allows you to recover lost profits and fixed expenses that may be incurred at the time your business was attacked.
- Media Liability: If your business does any digital advertising, print advertising, and/or social media, a Media Liability policy will provide coverage for intellectual property infringement.
- Errors & Omissions: If your business is contractually obligated to fulfill services, a cyber event could prevent you from delivering these services and result in breach of contract. Errors & Omissions (E&O) will cover these allegations and cover legal defense costs or other indemnifications.
Each business has it's own unique set of risks, so assessing the operations and modeling the cyber exposure is an important process to go through when deciding your limits for each layer above.
ADVISOR TIP: In addition to a full analysis of your business and cyber operations, your advisor will conduct a free cyber risk assessment and analyze vulnerabilities (ie, a robot will scan your website for security).
As the case is with all insurance policies, there is specific language and exclusions that explain what a cyber liability policy will and will not cover. Contrary to popular belief, if you have cyber insurance it doesn't necessarily cover all cyber-attacks. In fact, more and more insurance companies are adding exclusions and limiting coverage, so it's important to work with an advisor that can customize the policy to cover your operations.
Most standard cyber insurance policies exclude the following:
- Third-party Bodily Injury and Property Damage: injury to third parties like customers or vendors are covered on a General Liability policy.
- War, invasion, or terrorism: unless added, any events from a terrorist or government-sponsored group my be excluded (sometimes called TRIA)
- Prior Acts: events that occurred before the policy inception are not covered
- Patent, software, and copyright infringement: some cyber insurance may cover defense costs for infringement claims, however, it can often be excluded.
- Security Standards: if you do not maintain security standards, especially those listed on the application, then coverage will be excluded.
- Electronic Device Damage or Loss: your business property is covered on your Business Owners Policy or Property Insurance Policy.
The moment your business decides it's time to collect any financial information or customer data, is the the moment when you need to consider a cyber liability policy. Cyber crimes such as wire fraud, social engineering, malware, and email comprises are on the rise and becoming a threat to any individual or business owner. The size of your business should not indicate when you need to get cyber insurance considering a significant number of attacks each year happen with single person start-ups.
If you're considering a cyber insurance policy a great place to start is by asking yourself a few questions.
- Are you storing any customer names, addresses, and contact information?
- Do you have any social media accounts or video content?
- Are you collecting any financial information like credit cards, debit card, and checking accounts?
- Do you wire or transfer any funds from your bank account?
- Are you storing any employee information such as social security numbers?
- Are you responsible for any client data?
- Do you provide any advice or services that are in a contract?
- Do you have any intellectual property?
If you answered any of these questions YES then it's a good sign that you may need to include this in your risk management plan.
ADVISOR TIP: it's best to learn about your states data privacy laws as states are increasing businesses' responsibility for protecting customer data. You may be required to have cyber insurance.
Every day, new cyber threats are surfacing and affecting every size organization, from small retail stores to public technology firms. The world continues to depend on phones and computers, and bad players are getting better at breaching them. If you're not thinking ahead, then chances are you'll run into cyber insurance being required by a client, government entity, or your board/investors.
As a business owner, you will likely run into one of the scenarios below prompting a cyber insurance policy:
- You're thinking ahead: If your business uses technology to operate, collect personal, financial, and other sensitive information, then the impacts of a breach can be mitigated with cyber insurance. If you're business relies on technology or manages data, then a cyber policy is a no-brainer.
- Government Regulations: As more and more breaches happen, countries and states are stepping in to regulate and require businesses to carry cyber insurance. In California for example, business owners must comply with the California Consumer Privacy Act of 2018. Cyber insurance would provide coverage for regulatory fines and penalties.
- Board of Directors: Individuals sitting on the boards of companies have taken more interest in overseeing the insurance. Outside of the most common Board requirement, Directors & Officers Insurance, other insurance such as Cyber Liability, Errors & Omissions, and Employment Practices Liability are a priority.
- Vendor Contractual Requirement: If you've executed an agreement with a vendor, partner, or client, you may be familiar with an indemnification section or insurance requirement section. General Liability, Auto Liability, and Workers Compensation are standard requirements, however, more and more diligent businesses are requiring Cyber Liability and Data Breach.
We encourage you to think about the technology you are using, data you are collecting, state regulations you need to comply with, and any board, partner, vendor, or client contract require cyber liability insurance.
The cost of cyber liability insurance depends on numerous factors such as your operation, the safeguards in place to prevent breaches, the number of record / customer, and more. Overall, the cyber industry is seeing rates go up and down depending on the type of business (as of 2022). Industries such as blockchain, financial technology, and life sciences have higher cyber liability rates versus traditional industries like food, agriculture, and hospitality.
For a new business handling a small number of records, premiums range from $500 to $2,500 a year. For a larger company managing thousand of records, premiums range from $5,000 to $100,000 a year.
It's best to focus on the quality of the insurance carrier and the coverage when you think about the price. There are plenty of fast and cheap ways to get cyber insurance, but chances are you'd regret it if a claim happened. Insurance is like most things in life - you get what you pay for.
We understand that the cost of insurance can be a challenge for your business, however, if you work with the right advisor and have access to every cyber insurance provider, then you will get the most competitive pricing.
We could have our algorithm give you a quote in 10 minutes. But your business deserves better than that. You deserve a dedicated insurance advisor and service team who knows how to manage complex risk.
Your personal insurance advisor will negotiate the best coverage, at the best rate, from the best insurance carriers. Because anything less wouldn’t be acceptable.
Think of us like your personal risk management concierge. The godparents to your business. Call, email, text, DM... we’re here whenever you need us.
Paperwork is annoying. So we do business digitally. Life is just easier that way. Plus killing trees is mean.