Want to avoid a financial nightmare? Take out cyber liability insurance.
Cyber liability insurance is designed to provide commercial businesses with protection against a variety of liability risks. In the ever-growing online world, data is now a major security concern. Businesses are exposed to risks from first and third parties and have to worry about sensitive information (such as private and confidential customer information) being breached or stolen. It is the responsibility of businesses to ensure this information is secured. This is especially the case for those with a dependency on online transactions and content.
What types of information could be exposed to cyber threats?
- Personally identifiable information
- Government ID numbers
- Medical records
- Payment card data
- Email address databases
What's in this guide?
- What does it cost a business to NOT have cyber liability insurance?
- Is it just large companies who should be concerned?
- Privacy laws mean data breaches can be costly
- What does cyber liability insurance cover?
What does it cost a business to NOT have cyber liability insurance?
Target’s case provides an example of just how devastating a cyber breach can be to a business:
- 90 lawsuits were filed against Target by both customers and banks for negligence
- $61 million was spent in February 2014 alone responding to the breach
- Customer response operation set up with a promise that customers would not have to pay for any fraudulent charges that were the result of the breach
- Profit dropped 46% from the same quarter of the previous year
The Target case
The shift from offline to online has made many businesses heavily web dependent. This dependence has in turn created a new set of security risks that businesses have to deal with. Today, more and more businesses are experiencing data breaches of almost epidemic proportions. Couple this with growing media attention of cyber breaches and consumer awareness and you have a well-informed populous looking for answers and seeking punitive damages from offending companies. In 2013, retail giant Target was the victim of the biggest retail hack in history when details of every credit card used at the company’s 1,797 US stores were stolen, a total of more than 40 million card details.
Is it just large companies who should be concerned?
It’s not just major companies like the recently hacked Target, LinkedIn, eHarmony, Dropbox and Yahoo that should be concerned about cyber liability. Claims against smaller companies can be just as devastating. Reports published by US-based privacy researcher the Ponemon Institute estimate that the average claim against both private sector and non-profit companies total US$5.4 million. A report from the US Secret Service and Verizon Communications found that over 72% of data breaches affected small- to medium-sized businesses. What many smaller businesses are failing to realise is that they are rarely covered for cyber liability under their traditional insurance policies. Most insurers exclude cyber liability from insurance policies and others will only provide cover in certain situations. Cases have shown that many CEOs only discover their lack of cover after a claim and the damage is done.
A report from Chubb Security in 2012 showed that 20% of companies experienced a cyber security issue in the previous 12 months, yet 65% of the public companies surveyed had not purchased cyber cover. Many are pointing to a general lack of awareness from CEOs about the risks associated with cyber security and the belief that cover is too expensive as an explanation for such widespread underinsurance. When you consider the fact that the average cost of a breach to a small business exceeds $5 million, a couple of extra hundred dollars in insurance premiums may not seem so bad.Back to top
Privacy laws mean data breaches can be costly
The amended privacy laws have given greater power to the privacy commissioner to impose penalties upon organisations and individuals who are involved in data breach events. A company may be required to pay as much as $1.7 million and individuals up to $340,000 for failure to comply.
What does cyber liability insurance cover?
While policies will differ between providers, cyber liability insurance will usually provide cover for:
- Business interruption. Losses suffered by business following an attack.
- Electronic theft. Transfer of funds or property due to fraudulent input of data into a computer system.
- Electronic communication. Transfer of funds or property on the faith of fraudulent communication.
- Electronic threat loss. This includes the cost of a negotiator or ransom payment.
- Electronic vandalism loss. This includes vandalism caused by an employee.
- Crisis expenses. Covers expenses incurred from public relations consultants following a loss.
- Reward expenses. May include cost of paying an informant.
- Disclosure liability. Claims from third parties following system security failure that result in unauthorised access to sensitive information.
- Content liability. This may include claims that arise from breaches of intellectual property, breach of copyright and trademark infringement.
- Impaired access liability. Includes claims that may arise from systems failures that result in restriction of client access.
- Defence costs. Provides cover for costs that may be incurred defending claims.
What does cyber liability insurance cost?
The cost of cyber liability insurance largely comes down to a company's risk exposure to a cyber security breach. The company will need to determine what risks they are exposed to and what they may be required to pay in the event of a claim.
These factors will increase the cost for your business
Essentially, how much a company will pay comes down to:
- The likelihood of a claim occurring:
- measures/insurance already in place
- nature of business
- number of employees
- The level of cover provided:
- range of cover
These factors increase the cost for all businesses
Like any other type of business insurance, cyber liability insurance comes at a cost. However, this form of cover can be more expensive than many other types of business insurance for several reasons, including:
- You have a large sum insured. Let’s get the most important reason out of the way first: the cost to an insurer or covering just one cyber liability event could be astronomical. As a result, the premiums you pay for this type of cover are higher than the premiums for many other forms of insurance.
- It’s tailored to suit your business. The cyber risks faced by one business are often completely different to those faced by the next business. With this in mind, cyber liability cover needs to be tailored to provide protection that your business needs, which is another reason why it costs more than you might expect.
- It’s still a brave new world. Cyber liability insurance is still in its infancy and is a relatively new offering in the world of business insurance. As businesses are working to calculate the true value of their digital assets and the cyber risks they face, so too are insurers working to develop policies that offer simpler and more affordable cover. As the risks gradually become better defined and insurers are able to put a more accurate value on their policies, expect the cost of cover to drop slightly.
- The risks are immense. The financial consequences if your business or customer data is breached could be huge. Not only do you need cover for preventative measures to help stop cyber attacks but also for damage control, legal fees and risk management following a breach. With so many issues to consider, the cost of cyber liability cover rises.
Is it worth it?
So while the cost of cyber liability insurance may seem high, the protection it provides if your business is affected by a cyber event is well worth it. And by taking the time to compare policies and shop around for the best value for money, you can minimise the impact the premiums have on your bottom line.
How can I reduce the cost of getting cover for cyber liability?
As with any form of insurance, it is critical that business owners take the time to assess what they actually need to be covered for to avoid paying for expensive extras on their policy they don’t require. Some other key steps to reduce the cost of your cover include:
- Reinforce security practices. Take the time to ensure you have adequate protection software in place and strong password protection. Poor password protection has been the cause of massive data losses for many companies.
- Risk assessments. Implementation of an ongoing risk assessment schedule to uncover any hardware and software vulnerabilities.
- Secure network access. Use firewalls, anti-virus and anti-spam software and private networks to help prevent attacks.
- Risk management from insurance provider. Some insurers provide risk management services.
- Know what risks are unique to your business. Not all companies are going to have the same vulnerabilities when it comes to cyber liability. Knowing what risks you are exposed to will help you tailor your cover.
- Find out what other cover you already have in place. You may find that you are already covered for some losses under existing first- and third-party policies.
- Appropriate sub-limit. Each policy will have a maximum amount applied for what will be paid in the event of a breach. Make sure this is adequate for your business.
- Speak with a broker. An insurance broker can help you evaluate your cover requirements to help you find asuitable policy option at a competitive rate. Understanding the intricacies of different cyber cover and determining what you are already covered for is no simple process.
Ready to enquire about cover?
Hopefully after reading this article you can see the importance of finding adequate cyber protection for your business. It’s natural to feel slightly overwhelmed at the prospect of assessing the risks your business faces and what type of policy you should be looking for. A business insurance broker can help you find a policy that meets your business's cover requirements and does not leave you overprotected and paying too much for cover.