As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy will only continue to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses. In an age where a stolen laptop or hacked account can instantly compromise the personal data of thousands of customers, or an ill-advised post on a social media site can be read by hundreds in a matter of minutes, protecting yourself from cyber liability is just as important as some of the more traditional exposures businesses account for in their general commercial liability policies.

Why Cyber Liability Insurance?

A traditional business liability policy is extremely unlikely to protect against most cyber exposures. Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur. Exposures are vast, ranging from the content you put on your website to stored customer data. Awareness of the potential cyber liabilities your company faces is essential to managing risk through proper coverage.

Possible exposures covered by a typical cyber liability policy may include the following:

  • Security Breach Expense: Coverage for losses and expenses directly associated with recovery activities in the aftermath of a cyber incident. This can include investigation and forensic services, notification to customers, call center services, overtime salaries, post-event monitoring services such as credit monitoring for impacted customers and more.
  • Security Breach Liability: Coverage for third party liability directly due to a cyber incident and that the insured becomes legally obligated to pay. This includes defense expenses, compensatory damages, and settlement amounts, and fines or penalties assessed against the insured by a regulatory agency or government entity, or for non-compliance with the Payment Card Industry Data Security Standards.
  • Restoration of Electronic Data: Coverage for the costs to replace or restore electronic data or computer programs in the aftermath of an incident. This can also include the cost of data entry, reprogramming, and computer consultation services to restore lost assets.
  • Extortion Threats: Coverage for loss resulting from an extortion threat that is discovered during the policy period. This can include approved firms and resources that determine the validity and severity of the threat, interest costs associated with borrowing for the ransom demand, reward payment that leads to conviction and arrest of the party responsible, the ransom payment and other reasonable expenses.
  • Public Relations Expenses: Coverage for the fees and costs to restore reputation in response to negative publicity following a cyber incident or a security breach. This includes, for example, the fees associated with the hiring of a public relations firm that handles external communications related to the breach.
  • Computer and Funds Transfer Fraud: Coverage for the losses due to a fraudulent computer operation that causes money (or other property) to be transferred from an insured’s account. This also covers losses incurred by a fraudulent instruction directing a financial institution to debit money from the insured’s transfer account.
  • Business Income and Extra Expense: Coverage for the losses and costs associated with the inability to conduct business due to a cyber incident or an extortion threat. Business income includes net income that would have been earned or incurred. Note that business interruptions due to system failure or voluntary shutdown are not covered.
  • Social Engineering: Coverage for a loss resulting from a social engineering incident where the insured is intentionally misled to transfer money to a person, place or account directly from good faith reliance upon an instruction transmitted via email by an imposter. A documented verification procedure requirement needs to have been completed in order to be provided coverage.
  • Ransom Payments: Coverage for the reimbursement of the monetary value of any ransom payment made by the insured to a third party in response to a ransom demand to resolve an extortion threat.
  • Hardware Replacement Costs: Coverage for the cost to replace computers or any associated devices or equipment operated by the insured that are unable to function as intended due to corruption or destruction of software or firmware, resulting from a cyber incident.
  • Telecommunications Fraud: Coverage for the cost of unauthorized calls or unauthorized use of the insured’s telephone system’s bandwidth, including but not limited to phone bills.
  • Post Breach Remediation Coverage: Coverage for labor costs incurred to resolve vulnerabilities or weaknesses in the insured’s computer system that are identified by an independent security firm after a cyber incident. Identified upgrades or improvements must reduce the probability or potential damage of a future incident to qualify.
  • Website Media Liability: Coverage for a loss and defense expenses from intellectual property infringement, other than patent infringement, related to media content on the company website or its social media accounts only. Cyber liability insurance is specifically designed to address the risks that come with using modern technology; risks that other types of business liability coverage simply won’t. The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. It is important to work with a broker that can identify your areas of risk so a policy can be tailored to fit your unique situation.
This Coverage Insights is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2022 Zywave, Inc. All rights reserved.