If you do a lot of business on line, you do need cyber liability insurance. Your criteria in finding the right insurance policy should, among other things, include coverage language that is broad enough to meet our needs.
Kim Lindros and Ed Tittel in their CIO articleWhat is cyber insurance and why you need it make a good case for buying a cyber liability insurance policy:
Technology and conducting business over the open Internet can lead to cyber attacks with potential for losses and liability.
Cyber liability insurance should be part of a comprehensive risk management plan.
About one-third of all U.S. companies are currently subscribing to some type of cyber liability insurance.
What cyber insurance covers
Essentially, cyber liability insurance covers first-party expenses and third-party claims. There is no one-size-fits-all approach to writing cyber insurance policies, but, according to Lindros and Tittel, a cyber liability insurance policy typically covers expenses in connection with:
investigating the cause and determining how to repair and prevent recurrence of the damage
losses to the business because of network downtime, interruption of business transactions, recovery of lost data and public relations crisis management
notifying customers and other affected persons of the data breach along with connected expenses for providing credit monitoring services to affected customers
responding to lawsuits, regulatory fines, and reimbursing costs of paying extortion as a result of ransomware attacks
What to look for as a cyber insurance purchaser
Again, there are a variety of policies and levels of cyber liability protection available. Alan R. Lyons, et. al, provide this checklist of what to look for in their article on mondaq.com. The policy should:
provide sufficient limits to cover potential liability expenses. (Beware of underestimating the costs and buying a policy that covers only lower limits or has high deductibles.)
contain coverage for “prior acts.” (This will protect the buyer in case a breach occurred prior to the purchase of the insurance.)
include coverage for breaches through unencrypted laptops or mobile devices. (Past attacks have occurred through the latter and should be covered in the policy.)
include coverage for fines or penalties assessed by regulatory agencies. (This is especially important for any business that is subject to HIPAA privacy rules.)
provide adequate business income coverage. (The coverage can be triggered only by a full stop in business or simply a mere interruption in operations, depending on the needs and nature of the business.)
cover a so-called “wild virus.” (A “wild virus” attacks targets no specific business, but “roams wild” on the Internet.)
cover social engineering scams. (The CEO scam, for example.)
So, if you do a lot of business on line, you do need cyber liability insurance. Your criteria in finding the right insurance policy should include coverage language that is broad enough to meet our needs. Know the deductibles and upper limits of coverage, as well as how to make a claim when a loss occurs.