As a business owner, you may have heard of cyber liability insurance but may not know what it covers, how much it costs, and how it can help protect your business. You may also be unsure whether you need cyber liability insurance. Here’s a clue: if your business collects, processes, and stores sensitive company and customer data, then you need it.
Every business that holds valuable data (e.g., credit card or bank account numbers, employee HR details, intellectual property, etc.) is exposed to numerous cyber risks like malware and social engineering scams. What’s more, businesses that have shifted to hybrid work are becoming vulnerable to even more cyber risks because of the IT security challenges the work arrangement brings.
Based on studies, global cybercrime costs will reach $10.25 trillion by 2025. Given the increase in data breaches and the occurrence of more frequent and more advanced attacks, having cyber liability insurance is proving to be a pressing need for businesses.
What Is Cyber Liability Insurance?
Cyber liability insurance is a type of insurance policy that helps businesses recover from the costs of a cyberattack and keep being operational following a breach. This type of coverage can protect your business from financial losses, loss of customer data, legal damages, business interruption, and negative reputation costs.
The type of cyber liability insurance you need depends on the nature of your business’s operations and risk level. For example, a nonprofit organization with fewer than 50 employees would require smaller coverage compared to a large hospital that holds large volumes of patient data, which would require having extensive cyber liability insurance coverage.
Note that there is some overlap between cyber liability insurance and data breach coverage as well as some key differences. Cyber liability insurance typically covers more than just data breaches; it also provides coverage for incidents like ransomware attacks, hacker extortion, and lost or stolen devices.
On the other hand, data breach coverage tends to be more narrowly focused on protecting against the theft or exposure of confidential data. Specifically, this type of insurance protects against accidental and intentional data breaches caused by software and security flaws, theft of employee data, and human error.
Regardless of the nature of risks that your business is exposed to, cyberattacks are becoming more and more common and can cause you significant financial losses. In fact, according to IBM Security’s Cost of a Data Breach Report 2021, the average total cost of a breach was the largest ever recorded. This is why it’s critical for businesses to have comprehensive cyber liability insurance.
What Does Cyber Liability Insurance Cover?
Coverages provided by cyber liability insurance policies vary widely depending on the insurer. However, most policies provide coverage for first-party expenses, or expenses that a company directly incurs as a result of a breach. First-party insurance covers costs associated with repairing or restoring computer systems after a data breach, forensic examination fees, and public relations costs incurred to repair the company’s reputation.
Some insurers also offer third-party liability coverage, which protects the business if it gets sued by someone who suffers damages as a result of a cyber incident. This can include costs associated with lawsuits, costs of settlement, and penalties and fines resulting from a business’s negligence or failure to act. For example, this policy would cover costs associated with a case in which parents sue a school that suffered a breach that resulted in students’ information being leaked and posted online.
What Is Not Covered by Cyber Liability Insurance?
Here’s a list of cyber liability insurance exclusions:
- Intentional losses. If you intentionally reveal private information online, cyber liability insurance will not cover your losses. All other types of intentionally dishonest acts will not be covered.
- Health- and property-related issues. Cyberattacks that cause bodily injuries (i.e., physical harm and the consequences of such harm) or property damage (the business property, including the property of a third party) are also excluded from cyber liability coverage.
- Illegitimate data access and collection. You cannot get cyber liability insurance if your company collects data from illegal sources, such as pirated music sites or torrent websites where data is collected without paying royalties to the original creators or producers of copyrighted content.
- Valuation decrement. If cyberattackers hack into your company’s systems and delete or damage files, causing a decrease in the company’s value, cyber liability insurance would not cover it.
There are other exclusions, but cyber liability insurance should protect you from cyberattacks that cause data breaches, cyber extortion, cyber terrorism, and the like.
Can Commercial General Liability Insurance (CGL) Help with Cybersecurity?
If you’re wondering whether it’s necessary to get cyber liability insurance, especially if you already have CGL, it would help to know what CGL is to begin with.
Commercial general liability insurance is a type of insurance policy that offers coverage to a business for personal injury, bodily injury, and property damage resulting from the business’s operations and products, or injuries sustained on business premises. CGL protects businesses from having to pay costs related to lawsuits arising from the normal course of operations, as well as nonprofessional negligent acts.
Note that professional negligence will not be covered. Professional negligence acts are those that result in physical or financial harm to your client due to erratic work or work that fails to reach required standards. For example, if an IT consultant provides faulty cybersecurity services to its client and that client ends up experiencing a breach then sues the consultant, CGL will not cover the consultant’s costs.
In short, although CGL offers comprehensive business insurance, it does not cover all types of risk. Damages caused by cyber exposure, in particular, are excluded from such policies. Therefore, your business must still obtain cyber liability insurance coverage. This way, you can rest easy knowing you won’t have to pay huge sums of money to cover costs arising from cybersecurity incidents.
What Is the Cost of Cyber Liability Insurance?
Cyber liability insurance can help you cover the costs of notifying customers about a breach, as well as repairing your reputation if need be. Cyber liability insurance also covers costs associated with lawsuits filed by customers or third parties whose information was exposed due to cyberattacks on your business.
The cost of cyber liability insurance largely depends on the following:
- Business size – The size of your business and your customer base may be a factor in the cost of your policy.
- Industry – Industries like financial services, healthcare, and manufacturing tend to have high revenue and valuable assets and may have to pay higher premiums than, say, a nonprofit organization that has fewer digital assets and lower revenue.
- Data responsibility – This pertains to how much data you are responsible for.
- Data sensitivity – The cost considerations for your cyber liability insurance also depend on whether the data you hold are private/confidential (e.g., healthcare data, credit card numbers, Social Security numbers).
Generally, cyber liability insurance is more expensive for businesses that have a higher data responsibility or data sensitivity. The cost of cyber liability insurance also varies depending on the location of your business. For instance, cyber liability insurance is more expensive in California than in North Dakota, as California businesses tend to be exposed to greater cybersecurity risks.
How to Choose the Best Cyber Liability Insurance Policy for Your Business
When it comes to choosing the best cyber liability insurance, business owners have a lot of questions regarding coverages and costs. Here are some tips to help you choose a policy that will best serve your business.
- Gauge the level of your data sensitivity before purchasing cyber liability insurance. The more sensitive the data you possess, the more coverage you’ll likely need. You’ll also want to assess your cybersecurity measures already in place; if you don’t have any, you may want to consider investing in some before buying insurance. It is also highly recommended to work with a reputable managed IT services provider who can help bolster your IT security defenses.
- Consider the premium waiver provisions and costs. Many insurers offer a premium waiver for up to a certain number of days after a cyber incident occurs. This allows businesses time to get their affairs in order without worrying about paying for cyber insurance.
- Lastly, you’ll want to review the policy terms, conditions, and exclusions. Make sure you understand what is included in your coverage and know when it will take into effect; this will help you avoid any surprises down the road if something happens to your business due to a cyberattack or breach of privacy laws.
Ultimately, the cost of cyber liability insurance varies based on several factors. These include industry type, revenue size, and growth rate, as well as other risk attributes associated with each company’s operations, such as cybersecurity programs put into place before purchasing cyber insurance policies.
If your business handles massive volumes of data, get comprehensive cyber liability insurance that offers maximum coverage and protection from cybercrimes. You should also consider getting a policy that covers costs for firsthand data breaches and third-party liability claims.