Every type of organization — from global companies to mom-and-pop shops that use technology to do business — faces cybersecurity risks and data breaches. This blog explains cyber liability insurance and what it covers, and provides a cyber insurance coverage checklist to help you take the next steps toward data security.
What Is Cybersecurity Insurance?
Generally speaking, cyber insurance covers your business's liability arising from cyber attacks — such as a data breach involving sensitive customer information like Social Security numbers, credit card information, account numbers, driver’s license numbers, and health records.
What Does Cyber Insurance Cover?
In addition to legal fees and expenses, cyber insurance typically includes:
- Informing customers about a data breach
- Helping to restore the personal identities of affected customers
- Recovering compromised data
- Repairing damaged computer systems
Companies are required in most states to inform customers when a data breach has occurred. This process can prove to be expensive, and even though most states don’t require a business to offer free credit monitoring to customers affected by a breach, many companies offer such a gesture as an act of goodwill.
Who Needs Cyber Insurance?
In today’s digital landscape, most businesses will benefit from cyber insurance. However, if your business falls into one or all of the following three categories, you’ll definitely want to have cyber liability insurance added to your existing commercial coverage:
- Does your business store important data online or on computers?
- Does your business deal with large customer bases?
- Does your business manage high revenue and valuable assets?
If any of the above sounds like you, then you should definitely consider adding cyber liability insurance to your existing coverage.
Common Cybersecurity Exposures
For just about any business, compliance with federal, state, and foreign privacy laws and regulations is a given — at least, it should be. A company’s failure to comply with these laws (even if unintentionally) can put it in the crosshairs of a regulatory proceeding and civil class action lawsuit, not to mention wreak havoc on a company’s reputation.
Under the Americans with Disabilities Act (ADA), an organization’s web presence must be accessible to everyone, including those with certain disabilities that leave them predisposed to difficulty navigating websites. While this has opened the door for a more inclusive web-browsing experience, it’s also allowed more room for consumer-related risks and data breach exposures to pop up.
In addition, a company’s failure to protect private information can lead to consumer class action lawsuits, and organizations could be presented with a shareholder (also known as stockholder) derivative suit if the value of the organization is harmed due to a data breach.
To put the seriousness of a data breach into perspective, here are a few stats:
- According to Forbes, the average cost of a data breach in the past few years has been $8.2 million.
- The IBM Ponemon Institute reports the cost per breached personally identifiable information (PII) record to be $242.
- The IBM Ponemon Institute also reports the cost per breached protected health information (PHI) record to be $429.
- A study by Deloitte University Press reports that 80% of consumers are more likely to do business with companies that have not experienced a cybersecurity incident.
Cyber Insurance Coverage Checklist
Feeling overwhelmed with all of the information about cybersecurity, data breaches, and training? View our cyber insurance coverage checklist below for some ideas on how to get started with protecting your business from a data breach.
You can also download the checklist, print it out, and use it as a helpful starting guide as you begin the process of becoming more cyber-secure.
#1 Purchase Cyber Liability Insurance
Having the right cyber liability insurance and working with an insurance and risk management professional to help you evaluate exactly what you need is important. Key coverages include:
- Security & privacy liability addressing PII, PHI, and PCI
- Regulatory coverage including fines and penalty coverage
- First-party breach costs and response coverage
- Social engineering coverage
- Ransomware coverage
- Cyber business interruption coverage
- Data restoration coverage
- Reputational harm coverage
#2 Don’t Ignore Data Security
Requirements will naturally differ from one business to another, but here are some general guidelines to help you prioritize data security:
- Create a culture that knows, values, and adheres to compliance processes and procedures.
- Train key personnel on compliance regulations.
- Know and create an inventory of the PII, PHI, and PCI records you have of customers (should you possess any) so you have a record of what is in your possession.
- Ensure your website complies with applicable laws.
- Be sure to address non-discrimination issues to ensure your customers have the right to equitable service and pricing.
- Implement and regularly update business contingency plans (a risk management strategy can help with this).
- Use multifactor authentication for all remote employees.
- Ensure all third parties operating with your business are compliant with governing law and have the necessary cybersecurity protections.
#3 Take Advantage of Additional Loss Mitigation
Additional loss mitigation services provided alongside cyber liability insurance may include:
- Network vulnerability scans.
- Ongoing updates and vulnerability monitoring.
- Training for employees.
- Exercises to prepare for a breach event.
- Information security hotlines.
- Data security and breach coaches.
- Training videos.
Wrap-Up: Understand Your Company’s Needs and Evaluate Your Risk Level
One of the most important bullet points on your cyber insurance checklist is sitting down with an insurance and risk management professional. Doing so will help you see beyond your current insurance plan and identify any holes in your current strategy.
To understand what types of cyber risk insurance you need, it’s important to evaluate your risk level through a cost of risk management strategy. This will help you better assess the risks that face your business, whether seen or unseen.
After identifying the risks, your insurance partner will help you conduct an analysis to set priorities, including:
- Assessing the likelihood of the risk(s) occurring.
- Estimating the potential impact/damage if the risk were to occur. This includes both the quantitative and qualitative costs.
- Constructing a plan for how the risks should be managed and creating actionable steps toward rehabilitation should those risks occur.