Cyber Liability insurance is used to provide financial assistance in the event of a cyber-attack. Often your general liability insurance policy or professional liability will contain some basic cyber liability coverage but with the increased risks and potential financial exposure a standalone policy should be considered. There are numerous attacks that can happen to a business such as ransomware, phishing, and complex impersonation schemes.
What does it cover? Cyber insurance is new so there aren’t really standard coverages that we see with traditional general liability coverages. Each carrier and policy will have its own set of limits and exclusions. Companies should be discussing these policies with both their Managed Services Provider (MSP) and the insurance agency that will be providing the policy. Your MSP can help you determine where your largest risks are and the attacks that will carry the largest impacts to your business.
When looking at cyber insurance it will break down into first party coverage and third-party coverage. First-party coverage will be the immediate expenses such as notifying the public, fixing the problem, business interruptions costs, extortion money, and other ancillary costs. Third party coverage helps the company defend against lawsuits and legal claims. This would be items such as privacy lawsuits, governmental fines, or breach of contract claims.
What is typically not covered? Most cyber policies offer additional riders that can include these items, but many standard cyber policies don’t cover criminal activity or social engineering attacks. They also do not cover items found in your general liability policies such as bodily injury or property losses.
Should your company consider cyber insurance? The answer in almost every instance is yes! I am not saying every company can afford the coverage, but they should explore their options, weigh their risk, and make an informed decision. Purchasing cyber insurance is not much different than any other insurance policy, you are essentially financing an expected loss. We buy car insurance (not only because we must) but because we assume at some point, we are going to have an accident and those one-time costs can be very high. We purchase health insurance because if we end up in the hospital, we won’t have a one-time bill for tens of thousands of dollars or more. Every company should be operating under the premise that you are going to have a cyber-attack. The question is, would you rather pay a smaller fee over time or end up with a huge bill that could potentially cripple your business.
