Why do I need cyber liability insurance?
If you collect any sort of personal or company information, have a “login” feature on your site, integrate with another company’s systems in any way, have clients who rely on your programs or software in their operations, have employees who could fall for a phishing scam, generate online content such as blog posts, or even simply rely heavily on email communications, you need cyber liability insurance.
- 87% of cyber claims come from companies with under $2B in revenue, according to one NetDiligence study.
- Data breaches that involve only a small number of records can still be costly. That same NetDiligence study found that a case of a single lost record containing personally identifiable information (PII) ended up costing the company between $1,500,000 and $2,000,000.
- The average total cost of a data breach in 2015 was $4,000,000 and the average cost per individual record that was lost was $158, according to IBM and the Ponemon Institute.
- The definition of PII is ever-expanding and now includes even simple information like emails, zip codes — even IP addresses — in certain states. It’s getting even easier to bring a class action lawsuit for cyber theft!
- Criminals are only responsible for a portion of these data breaches. IBM and Ponemon determined that half of all data breaches in the US were caused by mistakes! 23% can be attributed to negligence and 27% to system error.
- Even when someone else is victimized by a hacker via your system, you could be held accountable in certain situations based on the theory of vicarious liability.
There’s one other nuance to mention here: a typical data breach involves the failure of a security feature or unauthorized access to an entire database. This means that thousands of users’ data will be compromised rather than just a handful. It’s pretty easy to see how a breach of this nature opens your company up to more than just a simple lawsuit. More realistically, you’ll be looking at a class action suit. These are a whole lot more expensive to defend against.
What is it?
Cyber liability insurance is designed to protect companies against lawsuits from third parties and fines and penalties from regulators. The goal of these policies is to address the risk exposure created by various electronic activities, the most common of which is collecting or storing some kind of PII.
This is a relatively new type of policy and the coverage available seems to grow every year. In the past, a policy might have only protected you against lawsuits from victims and fines from government agencies. Now policies are expanding to capture some of the other expenses.
Today it is not unusual to find policies that will pay for crisis management consultation, forensic investigation into the source of the breach, guidance in public messaging from a PR firm and notification and credit monitoring services for affected users. If your system or software has been compromised, data restoration services can be costly — cyber policies can pay this bill after a covered loss. Last but not least, the right insurance product will reimburse you for income lost and payroll spent during the time when your systems were down and you were unable to operate.
Some newer policies even include coverages like dependent business income (for when your service provider suffers an attack and you lose money as a result) and social engineering (e.g. spear phishing).
As soon as a single PII record is compromised, various state and federal privacy laws will kick in to make sure you play by the rules and take responsibility for the lost data. But this policy isn’t just about paying the cost of a legal defense.
Having a cyber insurance policy in place means that, if the worst does happen, you’ll have a crisis management partner who will walk you through what you need to do to minimize the financial impact to you and the broader impact to the people and organizations affected.
How do I protect my company and myself?