If your small business relies on digital technology to make sales, communicate or store information, then you are exposed to what's known as "cyber liability" or "cyber risk".
As foreign as it sounds, it's a real issue in 2020; cyber risk costs the global economy more than $450 billion a year. These costs come from a range of events, from getting your website hacked, to being sued for something you published online. Luckily, cyber insurance can help.
If you are ready to speak with a consultant about different business insurance options available, simply enter your details in the form. Keep reading if you want to learn more about the different types of cover available.
Learn more about Cyber Insurance
Cyber insurance provides businesses with peace of mind, protecting them from the potentially financially devastating repercussions associated with cyber-attacks like computer hacking, ransomware, data theft and data destruction.
When you purchase cyber insurance, you'll find that most policies provide first-party and third-party coverage. First-party coverage is when an insurer covers you for loss or damage that directly affects you or your business. For example, if your business is hit with a denial of service (DOS) attack, flooding your server with traffic in the final days of a campaign, resulting in your business losing thousands of dollars, first-party coverage can reimburse you.
Third-party coverage relates to claims made against your business by someone that has been negatively affected by a cyber issue involving your company. For example, if a hacker steals a customer's personal data and they sue you for negligence, third-party coverage can cover you for the legal and compensation costs.
While policies will differ between providers, cyber liability insurance will usually provide cover for:
- Business interruption. Losses suffered by business following an attack.
- Electronic theft. Transfer of funds or property due to fraudulent input of data into a computer system.
- Electronic communication. Transfer of funds or property on the faith of fraudulent communication.
- Electronic threat loss. This includes the cost of a negotiator or ransom payment.
- Electronic vandalism loss. This includes vandalism caused by an employee.
- Crisis expenses. Covers expenses incurred from public relations consultants following a loss.
- Reward expenses. May include cost of paying an informant.
- Disclosure liability. Claims from third parties following system security failure that result in unauthorised access to sensitive information.
- Content liability. This may include claims that arise from breaches of intellectual property, breach of copyright and trademark infringement.
- Impaired access liability. Includes claims that may arise from systems failures that result in restriction of client access.
- Defence costs. Provides cover for costs that may be incurred defending claims.
Let's consider the risks of doing modern business in 2020. Our reliance on the digital world has made it easier than ever to fall prey to people looking to profit from your misfortune.
Some real risks to consider include:
- Data breaches, for example, your customers' information.
- Fraud and theft, for example, getting your online store hacked.
- Business interruptions such as your website getting taken down.
Cyber insurance really shines when it comes to these types of claims. Traditional business insurance may fail to cover these claims or take longer to process.
Businesses in a number of industries might consider taking out cyber insurance. In particular, businesses in financial and healthcare industries rely significantly on reputations to ensure their success, so a damaged reputation can have a massively detrimental impact.
Industries where cyber liability cover must be considered include:
- Financial Services
- Real estate
- Telecommunications or Internet services
- Travel sector
- Law firms
- Insurance brokers
- Problem. An IT firm providing data services for ATMs suffered an employee error during offsite data backup operations which allowed customers to withdraw an unlimited amount of money from the ATMs, despite how much they had in their accounts.
- Repercussions. The owner of the ATMs sued the IT company to recover its losses and the company had to pay around $250,000 in damages and $20,000 in legal costs.
- Solution. The IT company's cyber insurance covered its liability for errors in its service and paid for both indemnification and legal fees.
- Problem. A travel agent had its server breached on 3 separate occasions, with more than 250,000 customers' personal details (for example, credit card information) compromised.
- Repercussions. The company had to pay over $1.5 million for IT forensic fees and legal defence fees as well as notify those affected and provide credit monitoring services.
- Solution. The travel agent's cyber insurance covered all of its costs under the customer support and reputational expenses section of its policy.
- Problem. A company used an image on its blog page similar to a copyrighted image used by another business. The entity demanded they remove it, but discussions broke down and the matter then went to court.
- Repercussions. The plaintiff demanded more than $5 million in damages and the company had to pay a settlement of $2 million plus $1.23 million in legal fees.
- Solution. The company's cyber insurance covered the copyright breach under its multimedia liability cover.
- Problem. A charity in the United States was hit with a denial of service (DOS) attack, which flooded its server with traffic in the final days of a campaign.
- Repercussions. The site was inaccessible for a whole day, resulting in over $1 million in lost donations.
- Solution. The company's cyber insurance paid the charity $1.5 million for lost donations and website repairs under the cyber business interruption and hacker damage sections of its policy.
- Problem. As part of a marketing promotion, a retailer sent an email to customers but mistakenly attached a document including sensitive customer data instead of a promotional flyer.
- Repercussions. Several of the affected customers sued the retailer for breaching their privacy and the resulting settlement sum and legal fees came to around $250,000.
- Solution. The retailer's cyber insurance covered its legal costs and indemnification under its security and privacy liability cover.
- Problem. An IT company had its server hacked and the records of millions of registered users stolen. A ransom payment was demanded, threatening to post the records online for the world to see.
- Repercussions. The cost of extortion, including IT forensic costs and ransom payments, exceeded $2 million.
- Solution. The company's cyber insurance covered all of its losses under the cyber extortion and other sections of its policy.
According to the Stay Smart Online initiative by the Australian Government, cyber crime costs around $276,323 for businesses with 53% of the cost coming from detection and recovery.
This is why it makes sense to consider cyber liability insurance. The costs of actually getting cover will vary based on your specific business, but as a general rule of thumb a policy can cost around $3,000 for a business with $5.5 million in annual turnover*.
*Figure provided by Edmund Cyber Insurance.
Example: The Target case
The shift from offline to online has made many businesses heavily web dependent. This dependence has in turn created a new set of security risks that businesses have to deal with. Today, more and more businesses are experiencing data breaches of almost epidemic proportions. Couple this with growing media attention of cyber breaches and consumer awareness and you have a well-informed populous looking for answers and seeking punitive damages from offending companies.
In 2013, retail giant Target was the victim of the biggest retail hack in history when details of every credit card used at the company's 1,797 US stores were stolen, a total of more than 40 million card details.
Target's case provides an example of just how devastating a cyber breach can be to a business:
- 90 lawsuits were filed against Target by both customers and banks for negligence.
- $61 million was spent in February 2014 alone responding to the breach.
- Customer response operation set up with a promise that customers would not have to pay for any fraudulent charges that were the result of the breach.
- Profit dropped 46% from the same quarter of the previous year.
When comparing cyber liability insurance policies, make sure to take the following factors into consideration:
- Identify the risks your business faces. The biggest risk for one business might be completely different to the biggest risk for the next. Would the exposure of your customers' personal information pose the biggest threat to you, or would it be the interruption to your ability to continue providing a service? Make sure you know the problems your business could face.
- What sort of cover do you already have? Some of the insurance you already have in place may provide some coverage for cyber risks. Speak to an insurance expert to understand how your business is placed.
- Get the right level of cover. Cyber liability is not a "one size fits all" type of cover. Concentrate on making sure your policy includes all the basic features, but assess whether some of the tailored options will be necessary. Also, determine if the amount you're insured for will be enough to cover the costs you'll incur in the event of a data breach. It's a good idea to involve all stakeholders from different branches within the company to accurately assess how much cover you'll need.
- Know what's excluded. Knowing what is and isn't covered on any insurance policy is always essential. Check your insurer's list of exclusions to prevent any nasty surprises at some stage in the future.
- What about third-party negligence? If, like many businesses, you outsource tasks like data processing or storage to a third party, check whether negligence from that third-party will be covered by your insurance provider.