Cyber liability and crime insurance address losses, but one covers direct losses while the other covers indirect losses. However, the coverages are so nuanced that it often seems overlap (and confusion) occurs. This post clears up any misconceptions about these policies so that you can purchase the coverage you honestly need.
What Is Crime Insurance?
Crime insurance covers businesses that experience direct losses of money, securities, or other tangible property. Unsurprisingly, money theft crimes come in many forms. Employees could steal from you on the job, a criminal might rob the armored vehicle hauling your business’s valuable assets, or you could encounter a fraudulent wire transaction. And that’s just for starters.
This particular coverage addresses direct hits, purposeful attempts to steal directly from your business. When it comes to these losses, you were targeted; there are no if, and, or buts. Consider the following claim example.
Tim worked in accounting for Company.com. He was hired by the organization’s CEO, Jill, after connecting through their college’s alumni network. A couple of months in, Tim received an urgent email from Jill@comppany.com asking him to wire $15,000 to an account to sponsor an alumni event. Tim didn’t notice the typo in the email address and never thought a criminal would scour his LinkedIn profile for personal info to exploit. Tim found out the next day that he was the victim of a spear-phishing attack.
What Is Cyber Liability Insurance?
Cyber liability insurance protects companies against third-party lawsuits relating to electronic activities. This coverage typically also provides plenty of recovery benefits regarding data restoration and reimbursement for income lost and payroll spent.
Data breaches in the US cost companies an average of $4 million per incident. Plus, with people sending roughly 269 billion emails each day, it’s no surprise that nearly one out of every 2,000 is a phishing scam. According to research, phishing emails initiate 91% of all cyber attacks.
Much like crimes, unfortunately, cyberattacks come in many forms, such as:
- Denial of Service (DoS)
- Distributed Denial of Service (DDoS)
- Malware (i.e., ransomware, spyware, worms, viruses, etc.)
- Password attacks
- Cross-site scripting
- Zero-day exploit
The following is a claim example of how cyber attacks can occur:
A non-profit community action corporation, Save The World, printed two 1099 forms on one piece of paper. An employee was supposed to separate the forms (tax and social security numbers) and send each to their rightful owner. Instead, one person received both copies, who fraudulently used the other’s information to go on a shopping spree.
How to Differentiate Each Loss
The business landscape has undergone a massive transformation in the past few years, giving criminals a facelift and blurring the lines between insurance coverages even further. But a few key elements can help you know what constitutes a cyber liability loss and crime loss. For example, here are three questions to sort through these slight differences:
1. What kind of loss is it, direct or indirect?
Direct losses due to crime are typically more blatant. The armored truck example above is relatively straightforward. However, consider receiving a fraudulent wire transfer. Yes, this incident happened electronically, but it was a targeted hit on your revenue.
Your company performed a service or sold a product, yet the transaction was fake, so you didn’t get paid. Not only did it ding your inventory, but the attack also sabotaged your balance sheet. We consider this situation a direct hit and expect crime insurance to respond.
As mentioned above, cyber liability insurance protects your business against indirect losses occurring electronically. Data breaches are an example of cyber loss because these attacks usually compromise a client’s personal information.
Many unfortunate events can happen when personal information is in the wrong hands. Unfortunately, the damages your client experiences could be your responsibility. The insurance world considers this loss as an indirect one.
2. Is the loss tangible or intangible?
Crime insurance covers physical losses, such as money or merchandise theft. If you can touch it or it’s substantial material, the loss is tangible. Remember that securities also fall into the “tangible” category, even though these tradable assets aren’t usually parked on an inventory shelve, per se.
Cyber insurance, on the other hand, covers intangible losses. You can physically hold financial assets or dollar bills; however, our hands can’t hold data files or personal information. Those items are more abstract and therefore fall under cyber liability policies.
3. Who experienced the loss, first or third party?
Crime insurance covers losses that happen to you or your company and is known as first-party losses. Often, a criminal will steal directly from you. Although the direct loss eventually impacts others, the initial hit was aimed at you.
Cyber liability insurance flips the script by covering losses that occur to another person or entity, such as a client. The finger of blame typically points back to you; however, the loss was more of a sideway attack, per se.
Your clients or contracted vendors take the first blow, but you undeniably feel the ripple effect — and you are typically left with the messy clean-up.
The Key Takeaways
Cyber liability and crime insurance face several overlaps, and the offenses often unfold in similar ways. Still, these distinctions draw the line between the two:
- Crime insurance responds to direct losses, whereas cyber liability insurance deals with indirect losses.
- Crime insurance covers tangible losses; however, cyber liability insurance addresses intangible losses.
- Crime insurance protects against first-party losses, and cyber liability insurance protects third parties from losses.
Understanding the details of what coverage your company needs can be a confusing process. Founder Shield specializes in knowing the risks your industry faces to make sure you have adequate protection. Feel free to reach out to us, and we’ll walk you through the process of finding the right policy for you.