Why do you need Cyber Liability Insurance?
If you collect any sort of personal or company information, have a “login” feature on your site, integrate with another company’s systems in any way, have clients who rely on your programs or software in their operations, have employees who could fall for a phishing scam, generate online content such as blog posts or even simply rely heavily on email communications, you need cyber insurance.
The average total cost of a data breach in 2016 was $3.6 million and the average cost per individual record that was lost was $141 (IBM).
Criminals are only responsible for a portion of these data breaches. IBM and Ponemon determined that more than half of all data breaches in 2016 were caused by mistakes! 28% can be attributed to human error and 25% to system glitches.
87% of cyber claims come from companies with under $2B in revenue, according to one NetDiligence report.
A typical data breach involves the failure of a security feature or unauthorized access to an entire database. This means that thousands of users’ data will be compromised rather than just a handful. It’s pretty easy to see how a breach of this nature opens your company up to more than just a simple lawsuit. More realistically, you’ll be looking at a class action suit. These are a whole lot more expensive to defend against.
What is Cyber Liability Insurance?
Cyber liability insurance is designed to protect companies against lawsuits from third parties and fines and penalties from regulators. The goal of these policies is to address the risk exposure created by various electronic activities, the most common of which being the collecting or storing some kind of PII.
This is a relatively new type of policy and the coverage available seems to grow every year. In the past, a policy might have only protected you against lawsuits from victims and fines from government agencies. Now policies are expanding to capture some of the other expenses.
Today it is not unusual to find policies that will pay for crisis management consultation, forensic investigation into the source of the breach, guidance in public messaging from a PR firm and notification and credit monitoring services for affected users. If your system or software has been compromised, data restoration services can be costly — cyber policies can pay this bill after a covered loss. Last but not least, the right insurance product will reimburse you for income lost and payroll spent during the time when your systems were down and you were unable to operate.
Some newer policies even include coverages like dependent business income (for when your service provider suffers an attack and you lose money as a result) and social engineering (e.g. spear phishing).
As soon as a single PII record is compromised, various state and federal privacy laws will kick in to make sure you play by the rules and take responsibility for the lost data. But this policy isn’t just about paying the cost of a legal defense.
Having a cyber insurance policy in place means that, if the worst does happen, you’ll have a crisis management partner who will walk you through what you need to do to minimize the financial impact to you and the broader impact to the people and organizations affected.
What does Cyber Liability Insurance cover?
You will have to consult your policy documents to confirm exactly what coverage your Cyber insurance provides but here are a few scenarios that typically would and would not be covered. You can read more about what cyber insurance covers here.
How much does Cyber Insurance cost?
As with most commercial insurance policies the cost of cyber insurance depends on a number of factors. Here are some of the main points that insurance carriers will take into account when calculating your premium:
- Data: what type of data is being collected and how much is being collected?
- Controls: what type of security measures and incident response plans do you have in place already?
- Industry: a payment processor is more likely to be attacked than a cookie store with an online presence.
- Customer base: the more customers, the higher the potential severity of a data breach. If the customers are large companies/institutions with deep pockets and a lot to lose, underwriters will recognize the increased risk of expensive litigation in the event of a data breach.
- Revenue: this is the primary factor for determining rate change on renewal.
- Claim history: a history of litigation raises red flags
To give you a rough idea of what to expect in terms of premium, check out this research from Deloitte. Don’t be put off by the high starting point, we often get quotes for our clients of $5k, sometimes less
Who needs Cyber Liability Insurance?
Who really needs cyber insurance? The short answer to that question is: everyone. Every type of commercial entity – meaning municipalities, non-profit organizations, educational institutions, and corporations – needs cyber insurance if they collect, process or store employees’ or customers’ personal or financial data, or if they have proprietary intellectual property. However Cyber is particularly important for the following industries:
How it Works
“Didn’t overwhelm us with paperwork and didn’t try to sell us to buy insurance that a tech startup doesn’t need. Definitely will recommend to any startup!
“Being able to work closely with someone on our insurance needs is incredibly important!” _________________________________________
“Great mix of old-school customer service with awesome use of technology to make the process as seamless as possible.” _________________________