Cyber Liability Insurance
Cyber liability insurance is a type of coverage that can be purchased as a standalone policy or as a rider on your business’s existing insurance policy. This insurance is designed to help cover the costs of informing customers about security breaches and post-attack investigations, both of which can get quite costly for the business that’s been hacked. Equipment damage due to malware and any lost income due to denial-of-service attacks may also be covered under a cyber liability insurance policy.
Once thought of as a niche product for companies operating predominantly in the online space – Cyber Liability Insurance is now coverage every company must consider. Whether it is an employee laptop left at a coffee shop, a disgruntled employee or a resourceful hack which shuts down your company site or a social media scandal which tarnishes the reputation of your brand, you need to be prepared. Such scenarios, along with others, are becoming commonplace.
Add to this, the new Digital Privacy Act (DPA) passed by Parliament June 18, 2015, expands the powers of Canada’s Privacy Commissioner and increases the burden on businesses. This will certainly increase the privacy breach reporting costs, increase potential for third party litigation and increase the risk of reputational damage to your business when the breach becomes public.
Unfortunately, traditional insurance policies do not address cyber risks as network breaches and data loss perils are almost always excluded.
One may think that big businesses are most at risk of being hacked, but cyber attacks are happening to small businesses with fewer than 250 employees. One of the reasons for this tremendous growth activity is that cyber-thieves know that small businesses simply do not have the same level of online security in place as their larger competitors. For small businesses, the risk is not only higher, but so are the costs.
Whereas a large corporation has billions of dollars in assets it can pull from to help alleviate the losses caused by a cyber attack, a small business may be at risk of financial ruin when faced with such an attack, especially when the average cost associated with a small business cyber attack is $100,000. This places a tremendous risk to both a small business’s credit and its future.
The number of insurers that offer this coverage is increasing and all these carriers offer coverage for both first-party and third-party losses. The market is very dynamic; the coverage available varies from insurer to insurer, and in some instances the policy offered is not even named a “cyber policy.”
First-party coverage insures for losses to the policyholder’s own data or lost income or for other harm to the policyholder’s business resulting from a data breach or cyber attack. Types of available include:
- Crises Event Management Expenses
- Security Breach Remediation and Notification Expense
- Computer fraud.
- Funds Transfer Fraud
- Business interruption.
- Extortion.
- Computer program and restoration expense.
Third-party coverage insures for the liability of the policyholder to third parties — including clients and governmental entities — arising from a data breach or cyber attack. Available coverages include:
- Network and Information Security Liability
- Communication and Media Liability
- Regulatory Defence Expenses
Your business needs to understand the risk management procedures and staff training required, as well as the coverages now available to be properly protected. No business connected in any way with the internet (and who isn’t!) is safe from privacy breaches and cyber attacks, and hackers grow more sophisticated each day.