Data breaches are now common events and reported regularly in the news, but managing risks associated with data breaches and the significant costs that result from data breaches have generally been the purview of larger companies, until recently. As more companies use cloud-based systems to manage all or a portion of their businesses, data breaches are now the concern of smaller companies, too. One of the options available to manage the risk and expense is to buy insurance – cyber liability insurance coverage – commonly known as “cyber insurance.”
Many of us have been the recipients of a mandatory data breach notification letter. The laws and regulations related to mandatory data breach notifications are one of the many reasons cyber insurance is becoming more necessary. The costs of discovering and notifying affected clients can be astronomical, to the point of driving bankruptcies in certain situations. The specifics for coverage of cyber-related incidents can vary significantly, depending partially on the expertise of the carrier and how the policy is written. You should ask a lot of questions about the coverage and also the exceptions to coverage. Examples of insurance coverage available include:
Data breach/privacy management/crisis management: This should cover expenses related to the initial and ongoing management of a data breach incident, including the investigation, remediation of the breach, notification of those affected, credit checking for those affected, attorney and court costs, and fines.
Multimedia liability: Damages can involve the compromise of your website and intellectual property rights infringement.
Network security: This can include your data that resides on systems of third parties, not just your own system.
Extortion: The threat of extortion can be broad or limited to specific individuals, but losses due to extortion or, more commonly, the threat of extortion can be covered, including professional fees.
You will find that some portions of a cyber insurance policy overlap coverage for business interruption, third-party provider issues, and professional fees, but a solid cyber policy will ensure risks specific to a data breach or other cyber-related matters that are not addressed by the interconnectedness of other issues covered.
We encourage our clients to talk to their insurance professionals about proper coverage for their particular business. If you need further assistance, we can put you in contact with insurance professionals who understand cyber-related risks.