Just released: How to raise venture capital in 2023

Download

Cyber Insurance

Cyber insurance protects companies from third-party lawsuits relating to electronic activities (i.e., cyberattacks, ransomware, social engineering, data breaches, etc.). Plus, it offers many recovery benefits, supporting data restoration and reimbursement for income lost and payroll spent.

 

 

Reasons for getting Cyber Insurance
hero icon 1
Protects against financial loss and notification expenses
hero icon 2
Covers forensic investigations and data recovery
hero icon 3
Helps cover legal costs and lawsuit settlements

What Is Cyber Insurance?


Cyber insurance is a specialty liability policy protecting businesses against cyber incidents stemming from electronic activities, such as internet-based risks or IT infrastructure-related risks. It provides a unique combination of coverage options, helping companies manage their cybersecurity risks and mitigate threats before and after a breach. But why?

Cyber risk has been increasing for some time and is more prominent now than ever, with the most recent cyberattacks regularly headlining worldwide news. Massive enterprises and small businesses felt the sting of freshly compromised data. Do you remember recent data breaches, specifically involving Twitter? How about when cybercriminals hacked into Uber and DoorDash? Microsoft, Ronin, and Red Cross also experienced devastating cyberattacks in 2022.

It’s safe to say that the global pandemic sent cybercriminals into overdrive, hacking into the slightest network security failure or remote vulnerability. As a result, this dynamic shift has created massive complexities in insuring cyber risks. However, cyber insurers have diligently evolved cyber liability insurance that provides innovative solutions to these new cyber claims.

Cyber insurance is sometimes known as cyber liability insurance or cybersecurity insurance. First and foremost, it’s first-party coverage, but cyber insurance policies can also include coverage for third-party costs. Cyber liability can provide up to four branches of coverage to protect businesses: errors and omission, network security, media liability, and business interruption. As mentioned, cyber liability insurance can provide a unique combination of coverage options.

 

 

Cyber Coverage

Some commercial lines of coverage provide first-party and third-party coverage, cyber insurance included. In today’s Digital Age, nearly every organization benefits from having cyber insurance. Hackers aren’t picky about who they target, after all.

 

 

Who Needs Cyber Insurance Coverage?

Given US data breaches cost an average of more than $4 million, companies of all sizes should consider cybersecurity a top priority. Cybercriminals scout businesses with fractured processes and technology, executing sophisticated multi-tiered attacks to infiltrate the company’s network. Loads of personally identifiable information (PII) are stolen every year, resulting in third-party lawsuits, plus fines and penalties from regulators. That said, cyber insurance is vital for the following industries:

 

 

Healthcare

Hundreds of thousands of patients rely on you to protect their personal identifiable information (PII).

 

 

Financial Services

The average cost of a data breach is more than $4 million, and financial services are first on most cybercriminals’ target list.

 

 

SaaS

Notification costs, lost income, and cyber extortion losses equal a tough rebound for this industry.

 

 

Ecommerce

The damage to your reputation alone could cause your company to shutter after a cyberattack.

 

 

What Does Cyber Insurance Cover?

You will have to consult your policy documents to confirm exactly what coverage your cyber insurance provides but here are a few scenarios that typically would and would not be covered. You can read more about what cyber insurance covers here.

 

 

Loss or Damage to Electronic Data

Many policies cover losses caused by damage, theft, disruption, or corruption of your electronic data. They also cover damage or theft of data stored on your computer system that belongs to someone else. For a loss to be covered, it must result from a hacker attack, virus, or denial of service attack. This policy generally covers the costs to restore or recover lost data. It may also cover the cost of outside experts or consultants you hire to preserve or reconstruct your data.

 

 

Loss of Income or Extra Expenses

Many policies cover income you lose and extra expenses you incur to avoid or minimize a shutdown of your business after your computer system fails. The loss of income and extra expense coverage afforded under a cyber liability policy differs from that provided under your commercial property policy. Cyber policies cover income losses and extra expenses that result from an interruption of your computer system. Property policies cover income losses and extra expenses that result from an interruption in your business operations caused by physical damage to covered property, which does not include electronic data.

 

 

Cyber Extortion Losses

Cyber extortion coverage applies when a hacker or a cyber thief breaks into your computer system and threatens you and your business. For instance, a hacker may threaten to damage your data, introduce a virus, or shut down your computer system unless you pay them a sum. The perpetrator may also subject your computer system to a denial of service attack or threaten to release confidential data unless you pay the sum demanded. Extortion coverage typically applies to expenses you incur (with the insurer’s consent) to respond to an extortion demand and the money you pay the extortionist.

 

 

Notification Cost & Reputation Damage

Policies may cover the cost of notifying parties affected by the data breach by government statutes or regulations. They may also include the cost of hiring an attorney to assess your firm’s obligations under applicable laws and regulations. Some policies cover the cost of providing credit monitoring services for those affected by the breach. Some also cover the cost of setting up and operating a call center. Some policies cover your marketing and public relations costs to protect your company’s reputation following a data breach. This coverage is sometimes referred to as Crisis Management.

 

 

Cyber Insurance Policy

Cyber insurance covers:

 

 

hero icon 1
Crisis management
hero icon 2
Defense costs
hero icon 3
Forensic and regulatory investigations
hero icon 2
Betterment

How Can I Manage My Cyber Policy & Risks?


Insurance carriers continually evolve their cyber policies to keep up with an ever-changing digital landscape. However, organizations must do more to meet new prerequisites of cyber coverage.

For example, company leaders must rally their workforce to accept more cyber responsibility. This approach includes ongoing employee training and providing workers with updated networks and security systems to complete daily tasks. Cybersecurity involves more than mere multi-factor authentication or strong passwords to prevent a cyber event — though it’s a great start. Instead, creating a healthy cybersecurity culture starts with leaders at the top and trickles down to the team.

While developing a recovery plan is vital, proactive cybersecurity measures are now standard. Furthermore, backing up data has become a top priority in recent years, not to mention ensuring secure configuration settings. Insurance carriers aren’t as likely to cover your business without these elements in a cybersecurity strategy.

Consider your cyber exposures, from your computer system and response resources to intellectual property and sensitive data. By thoroughly analyzing your cyber risks, you can better manage your cyber insurance policy and protect your business more profoundly.

 

 

What Does A Cyber Policy Not Cover?

Similar to many other insurance policies, cyber liability coverage has exclusions. For example, cyber insurance doesn’t cover the following claims:

 

 

Loss of value due to IP theft
Internal technology system upgrades
Possible future lost profits

Remember that cyber-related losses can occur with other threats, so it’s vital to know the gaps your insurance policies might create. Lastly, lawsuits routinely involve claims not covered by non-cyber policies, thus launching the idea of “silent cyber,” where some cyber-related incidents aren’t explicitly covered or excluded in traditional insurance policies. It’s worth exploring these gaps with a trusted commercial insurance broker to ensure adequate coverage.

 

 

Cyber Insurance Cost

As with most commercial insurance policies, the cost of cyber insurance depends on several factors. Following are some of the main points insurance carriers will consider when calculating your premium.

 

 

Cyber Insurance Cost Factors

 

 

 

Data

What type of data is being collected, and how much is being collected?

 

 

Controls

Sometimes, shareholders think that a funding round might have “watered down” or diluted their stake in the company.

 

 

Industry

A payment processor is more likely to be attacked than a cookie store with an online presence and loads of stored customer information.

 

 

Customer base

The more customers, the higher the potential severity of a data breach. Suppose the customers are large companies/institutions with deep pockets and a lot to lose. In that case, underwriters will recognize the increased risk of expensive litigation in the event of a data breach with plenty of affected customers.

 

 

Revenue

This is the primary factor for determining rate change on renewal

 

 

To give you a rough idea of what to expect in terms of premium, check out this research from Deloitte. Be aware of the high starting point; we often get quotes for our clients of $5k, sometimes less.

 

 

Cyber Insurance Claim Examples

 

 

 

An e-commerce platform, SellYouLater, contracted with a third-party service provider. A burglar stole two laptops from the service provider containing the data of over 800,000 clients of the SellYouLater. Under applicable notification laws, SellYouLater – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5,000,000.

 

 

A US-based information technology company, ‘Merica, contracted with an overseas software vendor, Internacional. Internacional left universal “administrator” defaults installed on ‘Merica’s server, and a “Hacker for Hire” was paid $20,000 to exploit the vulnerability. The hacker advised if the requested payment was not made he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2,000,000.

 

 

An intern released a computer worm directing infected computers to launch a denial of service attack against a regional computer consulting & application outsourcing firm. The infection caused an 18-hour shutdown of the entity’s computer systems. The computer consulting & application outsourcing firm incurred extensive costs and expenses to repair and restore their system and business interruption expenses, totaling approximately $875,000.

 

 

A SaaS platform, SaaSyAttitude, stored credit and debit card account numbers, names, addresses, and telephone numbers that were stolen. In total, over 365,000 customers’ records were exposed. The organization settled with the state attorney general and is now compelled to provide free credit monitoring, credit restoration to customers that were victims of identity fraud, and reimbursement to customers for direct losses that resulted from the data breach. The organization must revamp its security policies, implement technical safeguards, and conduct random compliance audits.

 

 

An e-commerce platform, SellYouLater, contracted with a third-party service provider. A burglar stole two laptops from the service provider containing the data of over 800,000 clients of the SellYouLater. Under applicable notification laws, SellYouLater – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5,000,000.

 

 

A US-based information technology company, ‘Merica, contracted with an overseas software vendor, Internacional. Internacional left universal “administrator” defaults installed on ‘Merica’s server, and a “Hacker for Hire” was paid $20,000 to exploit the vulnerability. The hacker advised if the requested payment was not made he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2,000,000.

 

 

An intern released a computer worm directing infected computers to launch a denial of service attack against a regional computer consulting & application outsourcing firm. The infection caused an 18-hour shutdown of the entity’s computer systems. The computer consulting & application outsourcing firm incurred extensive costs and expenses to repair and restore their system and business interruption expenses, totaling approximately $875,000.

 

 

A SaaS platform, SaaSyAttitude, stored credit and debit card account numbers, names, addresses, and telephone numbers that were stolen. In total, over 365,000 customers’ records were exposed. The organization settled with the state attorney general and is now compelled to provide free credit monitoring, credit restoration to customers that were victims of identity fraud, and reimbursement to customers for direct losses that resulted from the data breach. The organization must revamp its security policies, implement technical safeguards, and conduct random compliance audits.

 

 

Insurance Brokers For Cyber Insurance

Founder Shield is a data-driven insurance brokerage serving high-growth, innovative industries. We have a passion for creating and developing innovative risk management products across emerging industries and work hand in hand with clients and underwriters to ensure transparency, efficiency, and reliability every step of the way. Our team has specialized expertise and experience in providing cyber insurance services.
We partner with the leading cyber insurance carriers to craft tailored risk management programs for public companies and venture-backed companies preparing for funding rounds. With cyber insurance a major budget item, we understand that companies look for new and creative solutions to help manage increasing costs while also securing best-in-class coverage.

 

 

Justin Kozak Vice President sq
Justin Kozak

Justin is the market-facing leader at Founder Shield, with eight years invested in the boutique broker and more than a decade in the insurance industry.

 

 

Get a Cyber Insurance Quote

Finding insurance coverage doesn’t have to be painful. We aim to make the purchasing experience as streamlined & intuitive as possible.

1
Get a quote

Use our custom built online portal to get quotes fast. We automate clerical tasks that plague the traditional insurance brokerages, giving us more time to be responsive and alert to your company’s needs.

1
Get a quote

Use our custom built online portal to get quotes fast. We automate clerical tasks that plague the traditional insurance brokerages, giving us more time to be responsive and alert to your company’s needs.

2
Pair with a specialist

No two organizations are the same. Our team of coverage experts partners with your team to engineer your risk management strategy, together. We take the time to understand the intricacies of your company to get you the best possible coverage.

2
Pair with a specialist

No two organizations are the same. Our team of coverage experts partners with your team to engineer your risk management strategy, together. We take the time to understand the intricacies of your company to get you the best possible coverage.

3
Stay one step ahead

To do better, you need to know better. With changing political, technological, legal and economic landscapes, staying ahead of the curve is critical.

Our in-house team is tapped into the latest developments of your industry, proactively ensuring you’re covered.

3
Stay one step ahead

To do better, you need to know better. With changing political, technological, legal and economic landscapes, staying ahead of the curve is critical.

Our in-house team is tapped into the latest developments of your industry, proactively ensuring you’re covered.

Latest D&O Insurance Insights


Cybersecurity Data Breaches
November 9 • Cyber Liability

Top 10 Cybersecurity Data Breaches of 2023

Today’s digital landscape is frightening for business leaders. Here’s a glimpse into some of the most cringe-worthy data breaches in 2023 — plus, how to avoid them.


Cyber Insurance Pricing Trends
July 19 • Cyber Liability

Cyber Insurance Pricing Trends 2023

After a hard-hit 2022, let’s explore the lessons learned, what currently impacts the cyber market, and cyber insurance pricing trends to expect in the future.


multi factor authentication
January 24 • Cyber Liability

Securing Your Company With Multi-Factor Authentication: A Complete Guide

Cybersecurity is a priority for most company leaders, with multi-factor authentication spearheading the endeavor. Here’s how to make it a reality in your organization.


cybersecurity-awareness-month
October 6 • Cyber LiabilityRisk Management

Cybersecurity Awareness Month 2022 — Data, Data, Goose!

As the leaves turn golden and the wind blows colder, cybersecurity awareness month is upon us! Here’s what it’s all about and how your company can stay cyber-safe.