Having cyber insurance in place to cover any potential breach, is quickly becoming another very important cost for businesses to consider.
When considering cyber insurance, there are several products available, and the scope of coverage varies from insurer to insurer. Double check to see if your existing business insurance policies already include some of the coverage explained below and be sure to meet with your broker to discuss your risk and what is best to protect you and your business.
Cyber policy types may include:
- Data liability. This covers damages and defense costs resulting from any claim against the insured from a data breach that compromises personal information. It should also cover claims alleging that information has been lost or compromised because of unauthorized access to, or use of, the insured’s computer systems. It is important that the policy covers not only an individual’s personal information but also employee data and confidential corporate information. Many organizations possess third-party trade secrets, customer lists, marketing plans and other information that could be beneficial to competitors and may result in liability if compromised.
- Media liability. This insures damages and defense costs resulting from any claim against the insured for infringement of copyright and other intellectual property rights, as well as misappropriation or theft of ideas or media content. While coverage may not extend to content published in a personal capacity, this should ideally be included, as organizations may face significant liabilities because of employees using Twitter, Facebook and other social media.
- Regulatory coverage. This covers the costs of response to any administrative, government or regulatory investigation following a data breach or cyberattack, as well as any fines or penalties imposed. However, this coverage is typically limited to civil fines and penalties, as criminal fines and penalties are not insurable in many jurisdictions. Some regulators, including the Financial Conduct Authority (FCA) and the Securities Exchange Commission (SEC), prohibit regulated firms from recovering from insurers any fines or penalties the regulators impose.
- Remediation coverage. Most policies provide coverage for additional costs associated with a data breach, including the costs incurred to notify those affected and relevant authorities, provide credit monitoring for those affected and set up call centers to field inquiries from concerned clients. Coverage may also extend to the costs of forensic services to determine the cause and scope of a breach, as well as public relations expenses and other crisis management costs.
- Information assets coverage. The policy may include coverage for costs of recreating, restoring, or repairing the company’s own data and computer systems. This may also extend to third-party data that has not been captured by back-up systems or that has been corrupted or lost because of negligence or technical failure.
- Network interruption coverage. The policy may cover lost revenue from network interruptions or disruptions because of a denial-of-service attack, malicious code, or other security threats.
- Extortion coverage. Many policies insure the costs of responding to ransom or extortion demands to prevent a threatened cyberattack.
If you need a few referrals, we have some great networking contacts that can help. Just ask!