Cyber liability insurance is a relatively new form of protection against a threat that has grown in severity along with the expansion of the internet. This guide provides answers to some of the more frequently asked questions about cyber liability insurance.
- Do I need cyber liability insurance if I use antivirus software?
The New York Times experienced a four-month attack by Chinese hackers, who installed 44 pieces of malware on the newspaper’s network despite the presence of antivirus software. That software and other protective technology are no guarantee against every possible threat.
- Is the cost of cyber liability insurance greater than its benefits?
As of early 2017, the average cost of a successful data breach to small and medium-sized businesses was $46,000. For larger businesses, the average cost is exponentially higher. A cyber security solutions insurance carrier will assess your business’s cyber risk profile and will provide an insurance quote that will generally be far less than the average cost of a data breach.
- Does my commercial general liability (CGL) insurance cover data breaches?
In certain very fact-specific cases, a CGL policy might cover a data breach. New exclusions and CGL policy exceptions, however, are removing cyber liability coverage from CGL policies. As the insurance industry gains more experience with data breaches, the likelihood that a CGL policy will cover damages associated with a cyberattack is extremely low or nonexistent.
- Is my small business really at risk of a cyberattack?
More than 70 percent of all cyberattacks target businesses with under 100 employees. Small and medium businesses (SMBs) maintain significant amounts of personal and financial data about their customers, and erect fewer barriers to hackers than large businesses. In view of this, SMBs are prime targets for cyberattacks.
- Do I need cyber liability insurance if I do not conduct business on the internet?
To the extent that any business maintains electronic records on an internal or cloud-based system, it is susceptible to a data breach. A company does not need to have an online sales channel to create cyber liability exposure.
- What does cyber liability insurance cover?
The broadest form of cyber liability insurance will provide first- and third-party liability coverage. First-party coverage can provide compensation for network interruption and data recovery, ransomware demands, and reputational rebuilding. Third-party liability coverage can reimburse clients and customers whose data might have been lost during the cyberattack, in addition to providing payments for regulatory fines.
- Am I still at risk if my data is in the cloud?
Cloud data storage systems will not insulate a business against cyber liability exposure. Your cloud storage provider can still be hacked, and your business can spend months or years litigating responsibility for the loss.
- Am I required to carry cyber liability insurance?
At present, there are no laws that require businesses to carry cyber liability insurance. Many businesses, however, are beginning to require their trading partners to maintain this insurance coverage. In addition, laws that cover specific industries, such as the HIPAA laws and regulations for the medical industry, impose notification and other requirements on practitioners, which increases the need for cyber liability insurance.
- Are mobile devices included in cyber liability insurance coverage?
Mobile devices are a primary access point for hackers to install malware and other malicious code into corporate networks, and many cyber liability insurance policies do cover damages caused by the negligent use of mobile devices. Check with your cyber liability insurance carrier for limitations on coverage and any specific exclusions.
- What can I do to reduce cyber liability insurance premiums?
A good cyber liability insurance carrier can work with its clients to implement best practices that help to reduce the business’s exposure to cyber risks and that concurrently work to reduce premiums. Those practices generally include better employee education, monitoring and testing of security systems and practices, and adoption of robust technology solutions to guard against cyberattacks.