Cyber Liability Insurance - Coverage for Data Breaches
Protection Against Network and Data Breaches
Does your firm use electronic data? If the answer is yes, you may need cyber liability insurance? A cyber liability policy protects your business against data losses caused by viruses, and other threats. It also covers lawsuits against your company that result from data breaches or your failure to protect sensitive information that belongs to someone else.
Who Needs It?
Cyber liability coverage can benefit any company that uses electronic equipment to conduct its operations.
You may need this coverage if you do any of the following:
- Communicate with customers via email, text messages or social media
- Send or receive documents electronically
- Advertise your company via electronic media, such as a website or social media
- Store your company's data on a computer network. Examples of data include sales projections, accounting records, tax documents, and trade secrets.
- Store data that belongs to others (such as employees or customers) on a computer network. Examples include customer names and addresses, customers' credit card numbers, and employees' birth dates and social security numbers.
- Sell products or services through a company website
These activities may allow your company to operate more efficiently, but they also generate risks. The data you store on your could be breached, resulting in lawsuits against your firm. The data could also be damaged due to a virus, hacker attack or other cause.
Restoring or repairing the data could be very costly.
Covers Claims Not Insured by CGL Policy
Cyber liability insurance covers lawsuits stemming from events like data breaches and denial of service attacks. Such lawsuits aren't covered by a standard (CGL) policy.
For one thing, damage to electronic data does not qualify as under a CGL policy.
This is because electronic data is not considered tangible property. Secondly, most CGL policies contain a specific This eliminates coverage for claims based on the loss, damage, corruption, or inability to use data.
For example, suppose that your company provides bookkeeping services. A virus invades your computer network and damages a client's data. The client is unable to access records he needs to obtain a loan. He sues you for the damage to his data. The suit will not be covered by your CGL policy. Damage to your client's data does not qualify as property damage.
Cyber Liability Policies
protect businesses against lawsuits filed by customers and other parties as a result of security or privacy breaches. Policies vary widely from one insurer to the next. Some include , which covers claims alleging , invasion of privacy, and other . Virtually all cyber liability policies apply on a basis.
In addition to third-party liability, most cyber policies cover various first-party expenses. Here are some examples:
- Business Income and Extra Expense Covers income you lose and expenses you incur due to a full or partial shutdown of your computer system because of a hacker attack, virus or other insured peril. Such losses are not covered under the and insurance that is available under a .
- Loss of Data Covers the cost of restoring or reconstructing data that was lost or damaged due to a virus, hacker attack or other covered cause
- Associated Costs Covers costs you incur due to a . Examples are the cost of notifying affected customers as required by law, and the cost of providing credit monitoring to affected customers.
- Cyber Extortion Covers the costs associated with an . For example, an extortionist installs ransomware your computer system. The extortionist refuses to release your data unless you pay him or her a sum of money.
- Crisis Management Covers the cost of hiring public relations, legal, and computer forensics consultants
Some have developed special cyber liability for certain types of businesses, such as technology companies or health care organizations.
Many insurers offer coverages on an "a la carte" basis so that customers need buy only the ones they want.
How to Obtain Coverage
Your can help you obtain cyber liability insurance by submitting an application on your behalf to an insurer that offers the coverage. The application is likely to ask detailed questions about your firm's computer system and its security. Here is the type of information insurers typically seek:
- Firewall Does your system have a firewall?
- Virus Scans Do you scan email, downloaded data or portable devices for viruses?
- Responsible Person Who is responsible for network security?
- Security Policy Do you have a written security policy?
- Protection Software Is your system protected by anti-virus software? Do you use intrusion detection software? Do you update your software regularly?
- Remote Access Do employees, customers or others access your system remotely? If so, what system is in place to authenticate users?
- Sensitive Data What types of sensitive data (social security numbers, credit card information etc.) do you store on your computer system? Is the data encrypted?
- Access How do you control access to sensitive data?
- Data Controls Testing Do you periodically test your data control measures?
- Data Backup and Storage Do you back up your data daily? Where are the backups stored?
- Outsourcing Do you outsource any computer functions (such as data storage) to others?
- Recovery Do you have a written you would follow in event of a computer-related incident?
If you are interested in purchasing cyber liability coverage, contact your .
Article edited by