What Does Cyber Insurance Cover?
Many business owners know they need cyber insurance to cover their business in case of a cyber-attack. But what does a cyber liability policy cover? And more importantly, what is not covered? Below we will walk you through everything you need to know about cyber liability insurance, also known simply as cyber insurance.
First, there are two types of coverage in cyber policies: First Party and Third Party.
First party coverage covers you as the business owner and the financial losses you incur from a cyber-attack. For example, a cyber policy covers the costs of hiring a forensic investigator to determine the cause of a data breach and remediate the issue.
Third party coverage covers you for damages from legal suits brought against you by a third party affected by a cyber incident related to your business. For example, a cyber policy covers the costs of hiring legal defense if a business owner is sued by customers whose data was compromised in a data breach.
Here are some more specific first party coverages that can be found in your cyber liability policy:
Incident Response and Forensic Fees: This covers the costs of hiring professional investigators to determine the cause of the data breach or cyber incident and determining the parties responsible.
Business Interruption: If your business is hit by a cyber-attack and is unable to operate for a brief period, this coverage helps with the loss of income during that time frame.
Data Recovery: Restores damaged, lost, or corrupted data.
Cyber Extortion: This coverage is for the costs of experts to deal with cyber extortion schemes and can cover the ransom for stolen data.
Notification: It can be costly to notify every customer affected by a data breach, this coverage helps with the associated costs.
Reputational Damage: This cyber coverage helps your small business recover from cyber-attacks by helping restore your businesses reputation, such as media and public relations costs.
Credit Monitoring: This covers the costs of credit monitoring software for a business owner’s credit after suffering a cyber-attack.
Here are more specific third-party coverages that can be found in your cyber liability policy:
Regulatory Defense and Penalties: This covers the costs of regulatory fines and penalties, and legal defense fees.
Legal Defense: This covers legal defense fees, settlement costs, and judgements brought by third parties in connection with a cyber-attack.
What do cyber liability insurance policies not cover?
There are two main cyber insurance exclusions to be aware of in your policy:
- Contractual Liability Exclusion: This exclusion establishes that there is no coverage for liability assumed by the policyholder under a contract agreement.
- Failure to Maintain Minimum Security Standards: This is an exclusion that eliminates coverage for businesses that do not abide by minimum security standards previously established by their cyber policy. Make sure all cybersecurity measures are in place and maintained throughout the life of your policy to ensure full coverage.
There are a few other nuances to be aware of in any cyber insurance policy. First, note whether the policy has stipulations around how quickly you need to notify the cyber insurer in the case of a cyber incident. Second, determine whether the policy requires the insurer to provide written consent before certain costs are incurred when responding to a cyber threat. And third, know that some insurers require legal counsel or cybersecurity consultants to be provided from a pre-approved list.
Hopefully, you have a better understanding of what is covered and not covered by a cyber liability insurance policy. Cyber-attacks are increasing year over year and every small business that collects, stores, or transmits personal or payment information online has exposure to cyber threats. It is vital to ensure your business is properly covered.