As the number and size of cyber attacks on businesses continues to increase, the risk of experiencing a data breach is higher than ever. The resulting cost of these breaches can be significant.

As a result, an increasing number of organizations are choosing to invest in a cyber insurance policy, which allows them to claim cyber incident response expenses, regulatory fines, legal defense costs and business interruption losses. In other words, offset the cost of a potential data breach.

Cyber liability insurance can include a range of coverages for a variety of related risks including:

  • Identity theft because of a data breach where confidential personal information is stolen or inadvertently disclosed.
  • Reputation damage arising from a cyber-related incident.
  • Theft of valuable and/or propriety electronic business assets.
  • Malware, ransomware, or other malicious computer code.
  • Human error leading to inadvertent disclosure of sensitive business or personal information.
  • Trademark or copyright infringement lawsuits.

 Organizations should obtain cyber insurance if any of the following conditions apply:

  • Holding sensitive data
  • Subject to specific statutory or regulatory requirements regarding PII
  • Reliant on technology in its business or operations
  • Subject to contractual requirements for such insurance from customers or vendors

Cyber insurance helps organizations protect and recover from several types of privacy, information, and operation risks including network failures, data breaches, malware infections, cyber extortion or ransomware, or email account compromises.

Cyber insurance policies are significantly less standardized in their coverage than general liability policies.  Organizational size and scope, operation, number of customers, Web presence, and data collected are factors that dictate some or all of the following types of coverage:

  • Liability associated with libel, slander, copyright infringement, product disparagement, or reputational damage to others when the allegations involve a business website, social media or print media.
  • Expenses related to cyber extortion (ransomware) or cyber terrorism.
  • Expenses related to regulatory compliance.
  • Liability for security or privacy breaches, i.e. the loss of confidential information by allowing, or failing to prevent, unauthorized access to computer interruption.
  • Costs associated with privacy breach.
  • Costs associated with restoring, updating, or replacing business assets stored electronically.
  • Business interruption expenses related to a security or privacy breach.

Cyber insurance policies may come equipped with a panel of experts who are able to identify risks and reduce the impact of an incident response. They may also have a skilled PR team, legal experts to minimize any associated threats or breach costs, and forensic experts that are able to decipher exactly what happened, why it happened and how to best avoid future incidents from occurring.

Types of coverage typically flow from insurance agreement types:

  • Network security: legal costs, IT forensics, ransomware funds, data restoration, breach notifications, call centers, public relation expenses and credit monitoring/ID restoration.
  • Privacy: privacy liability costs, both contractual and for regulatory investigations.
  • Business interruption: lost profits, costs associated with security and system failures.
  • Media liability: intellectual property infringement.
  • Employees and officers’ coverage: legal costs, failure to perform, etc.

Cyber insurance experts at BPI can help negotiate for better policy terms, help organizations select the right coverages, advise them about coverage pitfalls, assist with completion of the application, and help them to understand their obligations under the terms of the policy. This may include performing technical cyber-risk audits, reviewing the results of the audit and working with the organization to get insurance coverage for the identified risks.

BPI experts advise corporate boards about insurance, privacy, cybersecurity best practices, and data protection compliance issues. Ask us 248-357-3980.