Which businesses should consider cyber security insurance and why?
Does your company accept digital payments or store customers’ names, addresses, credit card information, medical data, or financial information online or offline? If the answer is “yes,” you may need cyber security insurance.
Unfortunately, your general liability insurance won’t cover claims related to data breaches. Because many traditional general liability policies weren’t written with cyber risks in mind, they don’t include precise language about cyber risks. If your small business stores customer data, you may want to consider a separate cyber security insurance policy.
What is cyber security insurance?
Cyber security insurance, also known as cyber liability insurance or cyber insurance, helps reduce the financial risks of doing business online. It protects small business owners from financial losses caused by data breaches, data theft, system hacking, malware attacks, and ransomware extortion payments.
This type of small business insurance is an extension of errors and omissions (E&O) insurance, which protects against faults and defects in the services a company provides.
Who needs cyber security insurance?
The world is increasingly doing business digitally. While this shift to computers and internet-based workflows has made doing business easier, it has also created an opportunity for data breaches and cybercrime to occur. As such, any business, regardless of size, that creates, stores, and manages electronic data online needs cyber security insurance. This includes:
- Businesses that store important data online or on computers
- Businesses with high revenue or valuable digital assets
- Businesses with large customer bases
Why is cyber security insurance important?
The compromise, loss, or theft of electronic data can harm a business. You can lose revenue, customers, and reputation. In addition, if attacked, a small business owner may be liable for damages linked to third-party data theft.
Not adequately protecting your small business from cyber attacks can leave you unnecessarily vulnerable. Verizon estimates that 43 percent of data breaches happen to small businesses, which are especially vulnerable to malware, ransomware, brute force, and social attacks.
And, like many legal headaches, a breach comes with a steep price tag. In fact, the average data breach costs businesses with fewer than 500 employees $2.98 million, according to a report by IBM and the Ponemon Institute.
What’s covered by a cyber security insurance policy?
Cybersecurity insurance generally comes as either first-party or liability coverage. Each policy type protects small businesses in different circumstances. The most common first-party cybersecurity coverage is data breach insurance.
If personal customer information is exposed or stolen, most first-party policies typically cover:
- Civil damages
- Computer forensics to investigate the breach
- Computer fraud
- Costs to notify customers
- Credit monitoring services for those affected
- Cyber extortion
- Data loss, recovery, and recreation
- Loss of revenue due to a breach
- Loss of transferred funds
- Public relations services to offset reputational damage
Third-party cyber liability coverage protects your business if a third party sues you for damages in connection with a cybersecurity incident. This covers:
- Attorney and court fees associated with legal proceedings
- Settlements and court judgments
- Regulatory fines for non-compliance
What isn’t covered by cyber security insurance?
Typically, cyber security insurance does not protect small business owners from losses related to:
- Costs to improve your security and technology systems after an attack
- Crimes or self-inflicted cyber incidents
- Failure to correct a known vulnerability
- Future profits lost due to a cyber-attack or data breach
- Infrastructure failures not caused by a purposeful cyber attack
- Lawsuits for any potential vulnerabilities in your systems before a breach occurs
- Loss of intellectual property and lost income associated with it
- Property damage, which is usually covered by commercial property insurance
How do you buy cyber security insurance?
Cyber insurance policies are sold by many of the same insurers that provide other small business insurance products like business liability insurance, commercial property insurance, and E&O insurance.
Some insurance carriers sell cyber insurance as an add-on to a business owner’s policy (BOP). Small business owners can also purchase coverage separately.
Cyber insurance costs typically depend on the company’s annual revenue and industry. To apply, you’ll likely need to provide documentation via an approved assessment tool, such as that offered by the Federal Financial Institutions Examination Council, or submit to a security audit. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) helps organizations prepare for, respond to, and mitigate the impact of cyberattacks. It encourages small businesses to improve their cybersecurity to keep premium costs affordable.
Because policies vary, experts recommend that small business owners review policy details closely to ensure they contain the protections and provisions appropriate for their specific company and industry. In addition, be sure policies protect against known as well as emerging cyber risks.
If you are unsure whether you need cybersecurity insurance, consider speaking to a business insurance agent near you to assess your risk level and potential premiums to determine if it’s the right investment for your company.