As cyber attacks and data breaches continue to threaten businesses of all sizes, more and more business owners are turning to their insurance policies to help mitigate the risk. Unfortunately, many traditional CGL policies, or commercial general liability policies, specifically exclude certain liabilities that result from a cyber attack. Therefore, you will need to look elsewhere for coverage against cyber events.
The average cyber event costs its target nearly $6 million in damages and reparations – a figure that is far beyond the resources of most small to mid-sized businesses. Because of this potentially devastating cost, many business owners are choosing to purchase a specialized cyber insurance policy in order to minimize the financial ramifications of a cyber attack or data breach. But how do you know which cyber insurance policy is right for your business?
One of the first things that you will need to know is that there is very little standardization between cyber insurance policies. Unlike auto insurance or traditional CGL insurance, each cyber insurance provider has its own metric for balancing costs and coverage limits. You will need to compare your options very carefully, making sure that you understand exactly what you will be getting in exchange for your premium payments.
In many cases, you would be best served hiring an experienced cyber insurance broker. While this will marginally increase your insurance costs, a broker can help you better understand what type or types of coverage will work best for your specific business. One way that they can do this is to perform a risk assessment survey. This will help you and your insurance broker understand which types of cyber attacks your business will be most susceptible to. Your broker will then be able to recommend a policy that can help protect you from the damages caused by this specific type of attack.
While there are countless variations on cyber insurance coverage, there are two main types: first party coverage and third party liability coverage.
- First party coverage will include features such as forensic investigation, legal advice, credit monitoring, ongoing notifications to all affected parties, hardware and data replacement or restoration, and business interruption coverage. This type of coverage is meant to compensate for any losses or direct costs that result from a cyber attack. These types of attacks include theft of data or personal information or the introduction of malware.
- Third party liability coverage, on the other hand, is meant to cover more than just the direct costs associated with a cyber event. This kind of policy will cover legal fees and fines associated with the lawsuits and investigations arising from a cyber loss. This coverage helps to mitigate any issues caused by the release of personal data, copyright infringement, or any other claims made against the business as a result of the cyber attack.
Many cyber insurance policies include both first party and third party liability coverage. It is up to you to and your broker to decide how to balance the two, and craft a cyber insurance policy that will best protect your business.
Opinions expressed in this article are solely the author’s opinion, not intended to provide the reader with legal or any other professional advice. Should you need advice or opinion, consult with a qualified professional to address your specific needs.