Cyber Liability
Cyber security is becoming more and more important, as the threat of cyber-attack is rising significantly each day. Even if you have taken all of the necessary precautions – you have implemented the most sophisticated IT systems, firewalls and anti-virus software – you can still be vulnerable to a number of cyber threats, including ransomware. You may not think your small business needs to be overly concerned, but consider that most cyber-attacks are performed against smaller businesses, and the frequency continues to increase.
Unfortunately, many do not understand the scope of what a Cyber Liability insurance policy can provide in the event of a network security failure, and how that scope has expanded over the past few years. Cyber coverage can mean different things to different people. Most commonly, cyber liability coverage is some combination of four components: errors and omissions, media liability, network security and privacy.
- Errors and Omissions: E&O covers claims arising from errors in the performance of your services. This can include technology services, like software and consulting, or more traditional professional services such as those provided by lawyers, doctors, architects and engineers.
- Media Liability: These are advertising injury claims such as infringement of intellectual property, copyright/trademark infringement and libel and slander. Due to the Internet presence of businesses today, technology companies have seen this coverage migrate from their general liability policy to being bundled into a media component in a cyber policy (or a separate media liability policy). Coverage here can extend to offline content as well.
- Network Security: A failure of network security can lead to many different exposures, including a consumer data breach, destruction of data, virus transmission and cyber extortion. The culprits might be looking to shut your network down so you can’t conduct business, either for financial or political gain. Network security coverage can also apply if you’re holding trade secrets or patent applications for a client, and that information is accessed due to a failure of your security.
- Privacy: Privacy doesn’t have to involve a network security failure. It can be a breach of physical records, such as files tossed in a dumpster, or human errors such as a lost laptop, or sending a file full of customer account information to the wrong email address. Companies have also faced liability from returning a photocopier with a hard drive that contained unwiped customer tax records. A privacy breach can also include an action like wrongful collection of information.
All insurers use different terminology for cyber coverage; some subdivide the four components above even further, which means that cyber policies can be very difficult to read and compare.
Network Security and Privacy Liability Coverage
What’s unique about the privacy and network security coverages is that both first-party costs and third-party liabilities are covered: First-party coverage applies to direct costs for responding to a privacy breach or security failure, and third-party coverage applies when people sue or make claims against you, or regulators demand information from you.
Some common first-party costs when a security failure or data breach occurs include:
- Forensic investigation of the breach
- Legal advice to determine your notification and regulatory obligations
- Notification costs of communicating the breach
- Offering credit monitoring to customers as a result
- Public relations expenses
- Loss of profits and extra expense during the time that your network is down (business interruption)
Common third-party costs include:
- Legal defense
- Settlements, damages and judgments related to the breach
- Liability to banks for re-issuing credit cards
- Cost of responding to regulatory inquiries
- Regulatory fines and penalties (including Payment Card Industry fines)
Cyber Liability coverage can also provide you with access to professionals who can guide you through handling a breach, minimizing losses and, when necessary, handling demands for ransom.