Traditional insurance policies were not designed to insure against the emerging risk of cyber incidents, though limited coverage may be available with some programs. The Business Owners Policy that is commonly purchased by small to medium sized businesses rarely covers even a limited amount of electronic data loss for a business. There are however some common policies that can offer a bit more coverage such as some boiler and machinery, directors and officers or even crime policies but the limits are usually low and the coverage is very limited. It’s important to be mindful of the increasing vulnerability of your business’s confidential customer and client information as massive data breaches become increasingly popular.
In response to the ever-growing internet reliance, insurers have developed new coverages that apply to a variety of cyber security and other privacy liability risks. Each new program is tailored to meet the unique needs of the individual technology used by the company and level of risk involved. While your company may not need all of these coverages today it is important to know they exist as well as revisit them as your company grows. These coverages are typically available as a package or on an individual basis.
The Insurance Information Institute, listed out the multiple types of cyber risk coverages available in the marketplace today. Below is an extensive list:
Loss/Corruption of Data covers damage to, or destruction of, valuable information assets as a result of viruses, malicious code and Trojan horses.
Business Interruption covers loss of business income as a result of an attack on a company’s network that limits its ability to conduct business, such as a denial-of-service computer attack. Coverage also includes extra expenses, forensic expenses and dependent business interruption.
Liability covers defense costs, settlements, judgments and, sometimes, punitive damages incurred by a company as a result of:
- Breach of privacy due to theft of data (such as credit cards, financial or health related data);
- Transmission of a computer virus or other liabilities resulting from a computer attack, which causes financial loss to third parties;
- Failure of security which causes network systems to be unavailable to third parties; rendering of Internet Professional Services;
- Allegations of copyright or trademark infringement, libel, slander, defamation or other “media” activities in the company’s website, such as postings by visitors on bulletin boards and in chat rooms. This also covers liabilities associated with banner ads for other businesses located on the site.
Cyber Extortion covers the “settlement” of an extortion threat against a company’s network, as well as the cost of hiring a security firm to track down and negotiate with blackmailers.
Crisis Management covers the costs to retain public relations assistance or advertising to rebuild a company’s reputation after an incident. Coverage is also available for the cost of notifying consumers of a release of private information, as well the cost of providing credit-monitoring or other remediation services in the event of a covered incident.
Criminal Rewards covers the cost of posting a criminal reward fund for information leading to the arrest and conviction of a cyber-criminal who has attacked a company’s computer systems.
Data Breach covers the expenses and legal liability resulting from a data breach, including the expense to notify customers of the breach. Policies may also provide access to third party services helping business owners to comply with regulatory requirements and to address customer concerns.
Identity Theft provides your customers and employees access to an identity theft call center in the event their personal information is stolen. This is a requirement of most states’ privacy liability laws.
Social Media/Networking – Most cyber policies now provide coverage options for certain social media liability exposures such as online defamation, advertising, libel and slander which is an extension of coverage described above regarding online libel and slander from beyond your company’s own website to third party social media sites.
Cloud Computing – Insurers have specific products to provide coverage for cloud providers and the businesses that utilize them. Recruiting new business can be challenging for cloud providers as businesses have concerns over data security. Cloud coverage would apply to loss, theft and liability of the data stored within the cloud, whether the loss occurs from hacking, a virus or a subsequent liability event.
Depending on the specific policy, specialized cyber risk coverage can apply to both internally and externally launched cyber attacks, as well as to viruses that are specifically targeted against the insured or widely distributed across the Internet.
Premiums can range from $1,500 dollars for base coverage for businesses with less than $10 million in revenue to several hundred thousand dollars for major corporations desiring comprehensive coverage.
Having so many coverage options can be overwhelming, especially since the cyber space is constantly evolving and changing. That is why Gulfshore Insurance has specialized Client Advisors that will help you determine how to properly protect your business. They work with you to uncover your business’s unique risks and recommend programs that meet the needs of the business. Allow us to help you limit your cyber liability.