Most businesses have cyber security insurance of some sort, but what does that mean? Cyber policies span a wide range, and the coverage you receive can vary just as widely. So – does your business need this type of insurance and what does it cover?
Learn everything you need to know about cybersecurity liability coverage and what it is for. Find out whether your business liability insurance includes a cyber provision and the extent to which it might provide coverage for a variety of events. And, see if your business is getting the amount of coverage it needs for cyber-related incidents.
Cyber Security Insurance Guide – 2021: What is It and Who Needs It?
Of all the types of insurance for small businesses, the vast majority of businesses lack cyber security insurance. Cyber coverage is known as cyber liability insurance, and it is a purchasable add-on to most insurance companies’ standard business liability insurance policies. But the extent of coverage can widely vary between insurers.
If you are unfamiliar with why your business might need cyber protection, just consider the recent Solar Winds hack, Microsoft Exchange cyber attack, or the 36 billion digital records exposed through data breaches in the first half of 2020. Cyber threats are reaching small businesses on an entirely new scale, and the average data breach for a small business costs nearly $4 million in damages and repairs.
In 2021, most small businesses know that they need cybersecurity liability protection. So the real question is what you need your policy to protect. And, the answer is different for every business.
What is Cyber Liability Insurance?
Cyber liability is specialty business coverage for risks associated with digital threats to a business’s information, internet technology infrastructure, regulatory liabilities – and more. The majority of business liability policies refrain from expressly mentioning cyber coverage – unless to rule it out. You can add it to your general liability policy to cover events like data theft, ransomware extortion, malware attacks, denial of service – and others.
If you have cyber insurance, your business is covered for losses and other costs related to qualifying events. These costs can include legal fees and the associated expenses to investigate the cyber event.
But, a claim can be denied by the insurer for several reasons, like failing to safeguard the stolen data in the first place. And, according to IBM, nearly 85% of corporations fail to correctly safeguard their data files. So, along with coverage comes the responsibility to manage and monitor the security of your network.
Do You Need Coverage for a Cyber Event?
About 63% of small businesses reported experiencing a data breach in 2019, and the percent is only likely to increase in the coming years. And, of the businesses that experience a cyber attack, around 60% are out of business within a timespan of months. At the end of the day, if your business has valuable digital assets, it makes sense to have coverage.
Since the beginning of the COVID-19 pandemic, digital adoption by small businesses has accelerated six-fold. Between March and October 2020, like many businesses newly adopted a digital presence as was true of the past three years – combined. So, it is no wonder that cybersecurity threats have increased as well.
Legal and Contractual Cyber Insurance Responsibilities for Businesses
When it comes to your business’s requirement to have cyber coverage, you might be under legal or contractual obligations if your company handles any personal information. Especially when it comes to customers’ and clients’ sensitive information, your state’s requirement for cyber insurance might be obligatory. Even if the data files are kept in “off-line” storage, you likely need cyber coverage if your business stores credit card information, bank account numbers, social security numbers, and even names and addresses.
Another reason you might be required to have cyber coverage on your general business liability policy is if your business’s revenue crosses paths with European markets. If you deal with businesses or sell to consumers in Europe, the European Union mandates the application of standards implemented under the General Data Protection Regulation (GDPR).
What Types of Events and Incidents Does Cyber Liability Cover?
The events and incidents covered under a cybersecurity insurance policy regarding your business’s digital exposure. In general, the costs associated with an event are covered for first-parties, third-parties, or both. Expenses that are covered for first-parties often include the costs of IT forensics, credit protection, crisis management, notifications, and crime engineering.
Third-party expenses often cover the costs of breaches of contract, breach of network security, Denial of Service (DoS), malware and computer virus software transmission, negligence of the protection of data therewithin, legal defense and fees, and financial penalties as a result. Also, cyber policies generally cover some or all of the costs associated with a ransomware event, in which digital assets are leveraged by hackers for financial extortion.
Even when all the best safeguards are in place and the best standards of cybersecurity are being followed, cyber threats still pose a threat. In the event of a cyber attack, is your business covered? Talk to an insurance associate today for a free consultation on choosing a cyber security insurance plan that protects your business’s digital liability.