Key Takeaways
- Cyber insurance helps businesses recover from financial losses due to cyberattacks.
- First-party coverage covers data recovery and notifying affected customers.
- Third-party coverage covers legal expenses from lawsuits related to compromised data.
- Cyber insurance is crucial for businesses storing any kind of sensitive customer information, like health records or credit card numbers.
- Small businesses can typically purchase a policy for around $1,740 annually.
What Is Cyber Insurance?
Cyber insurance is a type of commercial insurance that protects businesses from financial loss due to data breaches and other types of cyberattacks. It covers computer-related risks that aren’t covered by your general liability or commercial property insurance. Many cyber policies cover your direct expenses, such as the cost of replacing lost data and settling and defending lawsuits. You should consider buying cyber insurance if your business stores valuable customer data using computer technology.
Coverage Options Provided by Cyber Insurance
Cyber policies vary widely, but many cover recovery expenses (first-party coverage) and costs related to lawsuits (third-party coverage). They may also pay the cost of settling lawsuits by customers whose data has been compromised in a cyberattack against your business.
Important
All states have laws requiring businesses to notify individuals whose personal data has been compromised in a data breach. If the breach involves health records, businesses may need to notify the Federal Trade Commission (FTC) and other federal agencies.
First-Party Coverages
First-party insurance covers your direct costs to recover from a data breach or other cyberattack. If a cybercriminal infects your computer system with a virus or steals valuable data, your cyber insurance may cover costs to do the following:
- Notify customers whose data has been breached
- Provide credit card monitoring for affected customers
- Hire a public relations consultant to restore your company’s reputation
- Hire a consultant to identify the cause of the breach
- Restore your lost or damaged data and repair your computer systems
Some policies may cover additional expenses, such as the cost of crisis management services, payments you make to a cyber extortionist, and income you lose due to a data breach.
Third-Party Coverages
Third-party insurance covers the cost of defending and settling lawsuits against your business by people whose information has been compromised in a data breach. For instance, suppose a hacker steals customers’ credit card numbers from your computer system. If a customer sues you for failing to secure their information, your cyber liability insurance should cover the resulting damages or settlement costs and legal expenses.
Third-party coverage may also apply to fines or penalties levied against you by a regulatory agency, such as the Federal Trade Commission, for failing to comply with data breach laws.
Limitations and Exclusions of Cyber Insurance Policies
Cyber insurance doesn’t cover every data-related loss. Policies vary, but many exclude the following risks.
- Bodily injury or property damage: Third-party coverage excludes claims resulting from injuries to people or damage to physical property. However, some policies cover claims for mental anguish or emotional distress by people whose data has been compromised.
- Employment practices: Policies exclude claims by your workers for discrimination, wrongful termination, or other illegal acts related to their employment.
- Patent or copyright infringement
- War, insurrection, and related events
- Failure to safeguard data: Some policies cover data losses only if you’ve taken adequate steps to safeguard your computer system.
- Portable devices: Some policies exclude losses resulting from thefts or loss of laptops, smartphones, and other portable devices.
Identifying Businesses That Benefit from Cyber Insurance
You should consider buying cyber insurance if your business uses laptops, smartphones, or other computer technology. Virtually any business that utilizes technology is vulnerable to a cyberattack. A cyberattack can generate huge costs, disrupt your business, and damage your company’s reputation. Cyber insurance will pay many of your costs and help your business recover from the attack.
Cyber coverage is essential if your business stores sensitive data such as health records, credit card numbers, or Social Security numbers. If the data is hacked, your cyber insurance will cover the cost of notifying affected customers. It will also cover your legal costs if customers affected by the breach sue your business for negligence.
Warning
Cyberattacks occur frequently, about every 20 seconds, and about half are directed at small businesses. Almost 40% of victims spend $50,000 or more responding to the attack.
Understanding the Costs of Cyber Insurance
Many small businesses can buy cyber insurance for about $1,740 per year. The premium your company will pay for a policy depends on several factors, including the size and nature of your business, the amount of sensitive data you handle, and the security measures you have in place. A plumbing contractor will likely pay less than an investment services company. Your premium is also affected by the coverages and limits you choose as well as your loss history.
What Are Examples of Claims Covered by Cyber Insurance?
Here are some scenarios covered by cyber insurance:
- A disgruntled former employee hacks into your computer system and corrupts all of your employee and customer records.
- Following a data breach, several customers sue your business for failing to protect their sensitive data adequately.
- An employee downloads a document containing a virus that infects all of the documents on your computer system.
- A denial of service attack forces you to shut down your business for three days, causing you to lose income.
- A hacker takes control of your computer system using ransomware and demands $25,000 to release your files.
How Is Cyber Insurance Different From Data Breach Insurance?
While insurers use various labels for cyber-related coverages, cyber insurance generally has a broader meaning than data breach insurance. Cyber insurance includes third-party liability insurance and data breach coverage (a first-party coverage). Cyber liability insurance pays for damages or settlements that result from claims against your business by customers whose sensitive data has been compromised.
Data breach insurance covers costs your business incurs to recover from a cyberattack, such as the costs to restore your lost data and notify affected customers.
Is Technology Errors and Omissions Insurance the Same as Cyber Insurance?
No, they are not the same. Technology errors and omissions insurance (tech E&O) protects technology designers, manufacturers, or installers from claims resulting from errors or mistakes they make when making or designing their products or providing their services. Cyber insurance covers businesses that use technology, protecting them from financial losses caused by damage or theft of their computer data. Many cyber policies cover first-party expenses (such as the cost of restoring lost or damaged data) and the cost of settling third-party lawsuits.
Is Cyber Insurance Mandatory?
Cyber insurance isn’t required by state or federal laws, even for banks and other financial institutions. Consequently, most businesses can choose whether or not to buy it. But businesses that design, make, or install technology may need to buy tech E&O insurance to comply with the terms of a contract. For example, say A-1 University hires Tip-Top Tech to overhaul the university’s computer system. Before Tip-Top can begin any work, it must produce a certificate of insurance showing it has bought tech E&O insurance with the coverages and limits specified in the contract.
The Bottom Line
Almost any business that uses technology that connects to the internet or cellular networks is vulnerable to a cyberattack. A hacking event can generate enormous costs, disrupt your business, and damage your company’s reputation. You can protect your business by purchasing cyber insurance. A cyber insurance policy will pay many of your expenses, such as the cost of notifying customers and reconstructing lost data. It will also cover settlements and legal costs resulting from lawsuits.
