With broader recognition of the risk, a growing number of small businesses are exploring the need to protect themselves with cyber liability insurance customized to their needs.
Cyber liability insurance is designed to provide funds to help your company operate in the short-term aftermath of a cyber breach or significant data loss. In addition, some policies include training and loss-control measures to help reduce the risk of a breach, or to mitigate the effects if a loss occurs.
And with the rise in ransomware attacks in which a company’s files are encrypted and the company has to pay to get their data back, the need to strengthen your cyber defenses and arrange financial protection against losses is more important than ever.
Understand the Risk
A critical early step in shopping for cyber liability insurance is thinking about your potential vulnerabilities and the costs associated with a cyber breach. You also have to compare policies from several carriers, because the insurance industry has not standardized cyber coverages yet.
Cyber insurance can be helpful for companies of all sizes, in spite of the perception among some small business owners that their comparative low profile makes them immune to cyber losses. In fact, most small businesses probably have higher cyber risk than their larger counterparts because they’re less likely to invest in expensive protection measures or to have dedicated IT staffers shoring up their online defenses.
In addition, smaller companies often have online connections to their larger business partners, which can make them a comparatively easier way for hackers to breach large organizations by first attacking their smaller partners.
Another common misperception is that a company’s general liability policy (typically purchased through a business owner’s policy (BOP)) will offer sufficient protection, even though cyber-related risks are excluded from BOPs.
Cyber insurance is offered as an endorsement to a general liability policy, or as a standalone policy designed for companies with more complex needs.
What’s Covered
Depending on the policy you select, cyber liability insurance can cover a variety of direct and indirect costs associated with a cyber loss. These may include:
- So-called ransom to recover stolen or encrypted data (which some policies don’t cover).
- Negotiation and recovery services after a ransomware attack.
- Investigation costs to identify how a breach occurred.
- The costs of notifying customers of a breach or providing post-breach identity monitoring services.
- Credit monitoring for affected customers.
- Lost sales resulting from a cyber-related business interruption.
- Litigation related to disclosures of customer information.
- Legal fees.
- Investigation and data recovery costs.
- Third-party losses resulting from a breach at a service provider.
Specific coverages and premium prices vary by a company’s industry and the types of data it handles. For instance, a software developer or ecommerce provider are likely to pay more for the coverage than a bakery or real estate firm. Companies with personally identifiable customer data are especially vulnerable to cyber-related costs.
Cyber policies may also include risk management services such as awareness training (delivered online or in-person as a company workshop), network security reviews and data protection services. These measures, like property inspections and similar loss control services, can play a role in reducing the cyber risks that too many small businesses overlook.