What Does Cyber Liability Insurance Cover

Many small businesses use computers for electronic data tasks. Sales projections, tax records, and contingency plans are crucial info.

If lost due to a security breach, restoration is hard and costly.

A breach can lead to lawsuits for personally identifiable information like social security and health records.

Businesses can buy cyber liability policies (e.g., The Hartford’s CyberChoice, Travelers’ CyberRisk, Philadelphia’s Cyber Security) to guard against breach costs.

What Does Cyber Liability Insurance Cover
Image source (Piktochart)

What Is Cyber Liability Insurance?

Cyber liability insurance addresses financial losses arising from cyber events and data breaches. Policies vary widely as insurers often use their own developed forms.

These policies typically encompass both first-party and third-party coverages.

First-party coverages handle direct expenses incurred by a business due to a breach.

On the other hand, third-party coverages pertain to damages or settlements the business is required to pay for claims resulting from its actions or inactions.

For example, a client suing a therapist for negligence after a hacker breaches the therapist’s system and exposes treatment records online.

Cyber policies offer various coverages, some automatic and others optional, with separate limits for each. Certain coverages may only apply after the business pays a deductible or retention.

Read more: Are business accounts FDIC insured?

Coverage for Costs of a Breach

First-party coverages in cyber liability policies include:

  1. Data restoration: Covers the cost to replace or restore electronic data damaged by a hacker attack or virus.
  2. Loss of income and extra expenses: Covers income losses and additional expenses following a shutdown caused by a cyber incident.
  3. Cyber extortion: Covers ransom paid to hackers threatening data damage, virus release, or confidential data exposure.
  4. Notification costs: Covers expenses for notifying parties affected by a data breach, including credit monitoring services.
  5. Crisis management: Offers coverage for hiring experts, such as attorneys and public relations professionals, to assess damage and protect the company’s reputation.

Coverage for Claims and Lawsuits

Numerous cyber insurance policies encompass liability coverages as described below, typically adopting a claims-made approach.

These coverages commonly address damages, settlements, and defense costs, which may either be inclusive of the limit or additional to it.

  1. Network Security and Privacy Liability: This coverage protects against claims stemming from the business’s negligent acts, errors, or omissions. Examples include the failure to safeguard sensitive data, failure to notify of a data breach, or inability to prevent a security breach leading to a DoS attack or the introduction of a virus.
  2. Electronic Media Liability: This insurance type handles legal actions against the business related to acts such as libel, slander, defamation, copyright infringement, invasion of privacy, or domain name infringement. Generally, these acts are covered only when they result from the policyholder’s publication of electronic data on the Internet.
  3. Regulatory Proceedings: Encompasses fines or penalties imposed on the business by regulatory agencies overseeing data breach laws. It also covers the expenses associated with hiring an attorney to assist in responding to regulatory proceedings.

What Cyber Policies Don’t Cover

What does cyber liability insurance cover
Cyber liability insurance is a type of insurance that covers the cost for a business to recover from a data breach, virus, or other cyberattack: Photo source (Forbes)

Like all insurance contracts, cyber policies exclude certain types of claims. Here are some typical exclusions:

  • Bodily injury and property damage.
  • Intentional dishonest acts committed by the insured.
  • War and terrorism.
  • Contractual liability.
  • Utility failure.
  • Cost of restoring computer systems to a higher level of functionality than they were previously.
  • Acts committed before the retroactive date (if the policy has one).

Leave a Comment