Everything You Need To Know About Cyber Liability Insurance

Today, cyber risk is a fast-growing concern. News reports regularly feature cyber security incidents, such as ransomware attacks , and sophisticated social engineering schemes.

Companies, irrespective of their size, industry, or turnover, often find themselves targeted by cyberattacks. The cost of a single data breach averages $4.4 million globally and $9 million within the US.

Still, a lack of awareness and a sense of invincibility leads many businesses to ignore this vital risk protection mechanism. In reality, it is just as important as any property insurance.?

This article will explain what is generally included and excluded in a cyber liability insurance policy. I will also walk you through the initial qualification process and how to file an insurance claim.

Throughout this article, the words ‘cybersecurity insurance’, ‘cyber liability insurance’, and ‘cyber insurance’ will be used interchangeably. ? ?

What Is Covered by the Cyber Liability Insurance?

Cyber insurance safeguards against losses related to IT system and network damage or information loss. It provides financial protection in two main ways:

First-Party Loss:?

This covers direct financial losses to you or your business resulting from a cyber event. A cyber event can be any unauthorized access to IT systems, electronic attacks, or privacy breaches. Common first-party losses include data theft, digital asset damage, and business interruption costs.

Third-Party Loss:?

Cyber insurance also addresses liability actions that may arise from a cyber event. For example, malware can spread through your email servers to your customers. Third-party liability may include costs for investigation, legal defense, civil damages, and compensation payments to affected parties, like getting credit monitoring services .???

Cyber insurance goes beyond financial coverage and typically includes the following elements:

Pre & Post Incident Support?

Insurers offer assistance in managing cyber risks and preventing incidents. This can involve access to cybersecurity expertise, threat intelligence services, IT vulnerability assessments, staff training, and password management help. Insurers also provide post-incident support (cyber forensic support) to assess damage to your systems, identify breach sources, and recommend preventive measures.

Privacy & Security Breach Costs

This critical section covers expenses related to handling a security breach. It includes costs for notifying your customers, operating call centers, seeking public relations advice, legal fees, and regulatory compliance. It also covers claims of privacy infringement and associated legal costs that can quickly pile on your business.

Ransomware Payments

Cyber insurance typically reimburses the ransom amount and consultant fees for negotiations in case of a ransomware attack. Reporting such incidents to the police and consulting with insurers are essential steps.?

However, it is important not to disclose the terms of your cyber insurance, for example, the maximum payout limit, to hackers even if they tempt you to do so. Negotiating directly with hackers while bypassing your insurer can lead to a breach of contract that can seriously endanger your insurance claims.?

Damage to Digital Assets?

You are also protected against damage, loss, corruption, or alteration of digital assets like websites and data. This is crucial for businesses reliant on online operations or automated systems.

Business Interruption?

Cyber insurance addresses revenue loss caused by IT failures as a result of cyberattacks. It also includes increased operational costs incurred during the recovery phase.?

Media Liability

It also covers for claims arising from your digital presence, including libel, slander, or defamation. This is especially relevant for businesses heavily involved in digital communication, social media, content creation, or online advertising.

What Is Not Covered by Cyber Insurance?

Here are the things that aren’t usually covered by cyber liability insurance:?

Nation-State Attacks, War, Invasions & Insurrections??

Most of the cyber insurance policies exclude damages caused by nation-state attacks inside a warzone where critical national infrastructure has been damaged. But, losses suffered in other countries, where no war exists, will still be covered.??

For instance, if a company operating both inside and outside of Ukraine is attacked today by the Russians, then any losses incurred as a result of their IT infrastructure being taken out inside of Ukraine, which is in a state of war, would be excluded. However, if their operations in, let's say, Poland or Hungary are also impacted, any losses stemming from this would be covered since these countries are outside of the war zone.?

Therefore, it is important for businesses to carefully review “war exclusions ” before finalizing a policy. Otherwise, it can lead to multi-year litigation as in the case of Mondelez vs. Zurich Insurance Group after the NotPetya ransomware attack in 2017.?

Intellectual Property Loss

For tech companies, manufacturers, and other businesses, your intellectual property (IP) is absolutely vital. When proprietary materials like patents, product designs and formulas are stolen, it can seriously harm your competitive edge, lead to a loss of market share, or even spell the end of your business. Regrettably, the majority of cyber insurance policies don't provide coverage for the financial losses resulting from IP theft.

Physical Injuries and Hardware Losses?

Cybersecurity insurance generally doesn’t cover property losses arising from a cyber attack. You won’t be able to claim the cost of a network router that has gone corrupt due to a DDoS attack . Similarly, physical injuries arising out of cyber events aren’t covered either.?

Loss Due to Social Engineering Frauds

Social engineering is a tactic that involves an attacker gaining the trust of their target and persuading them to divulge sensitive information. This includes phishing, impersonation, pretexting etc. It's important to note that social engineering fraud doesn't fit into the "cyberattack" category, which can lead to issues with the effectiveness of your cyber insurance coverage.?

Many insurance providers either don't offer coverage for social engineering or have very limited definitions of it. In some cases, the responsibility for social engineering incidents may be placed on you and your employees, resulting in denied claims.

Grey Area: Cryptocurrencies

Cryptocurrencies are the Wild West of the cyber insurance industry. Most startups and companies operating within the cryptocurrency industry, like crypto exchanges, typically go for theft coverage, which includes cyber insurance and crime. These policies are not yet accessible directly to consumers.

Regulatory uncertainty is one of the biggest challenges preventing cryptocurrency insurance from going mainstream.?

I will cover this topic in detail in the coming days.?

How Can Businesses Get Cyber Liability Insurance?

Large corporations

Let us assume that a large corporation, like Pfizer, wants to get cyber liability insurance with $1 Billion coverage. Such firms have huge cyber exposure. Conventional insurance brokers can’t get them the coverage they would want as these require specialty insurance products.?

The world’s biggest insurance marketplace is the Lloyd’s of London, which specializes in insuring complex risks. Pfizer will most likely approach them directly or indirectly and present them with the details of their cyber risk. The whole process will consist of lengthy negotiations and cybersecurity audits. This may take three to four months.?

SMEs

For small and medium enterprises, the process is a lot more straightforward. You will approach your insurance broker with a request for cyber liability insurance. The broker will offer the coverage as an add-on to your existing property insurance.?

Alternatively, you can approach insurance carriers directly through their websites or phone lines. They can offer standalone policies to cover all your cyber risks. Usually, you will be required to perform cybersecurity self-assessments and fill out questionnaires. These are related to basic business details, employee training, backup management, breach history, etc.?

For medium-sized enterprises, insurers may require a business continuity plan and multi-factor authentication to be in place. Overall, the better cybersecurity arrangement you have, the better terms you will get from your insurer.?

How To File a Cybersecurity Insurance Claim?

There are two ways to make a cyber insurance claim.?

1. You call your insurance provider on their hotline and inform them about the cyber incident. They forward the case to their in-house team of experts or a third-party consultant/vendor. Insurers will most likely reimburse claims after verification of the losses.?
2. You call your cybersecurity consultant directly and tell them about the cybersecurity incident and your insurance package. They investigate the incident and send the recovery bill directly to you or your insurance provider.?

In both cases, you must fill out the claims form as required and cooperate with the insurance provider at every step. This will help you in expediting the claims procedure.?

What Are The Premium Costs Like?

Cyber liability insurance premiums largely depend on the coverage limits. Other factors include the type of business and the number of employees. Highly regulated industries like healthcare and financial sectors have much higher insurance premiums than simple brick-and-mortar retail stores.?

Consider you have a small online store, and you want coverage of, say, $1 million with a deductible of $50,000. Your insurance premium, in this case, would be between $1500-$2000 per year.

Now, if you are a HIPAA -compliant hospital needing $10 million in coverage with a $500,000 deductible, then your insurance premium can exceed $250,000 annually.?

Brick-and-mortar businesses should expect their premium to be within the 0.1-0.5% range of their coverage limit. This percentage jumps to 2.5% for hospitals and other HIPAA-compliant businesses. Similarly, a cryptocurrency startup can pay as much as 5% of its coverage limits.?

It is essential to know that the cyber risk changes rapidly. Due to this unpredictability, the insurance industry hasn’t been able to develop reliable long-term data models as available for traditional sectors like car, home, or maritime insurance. The main reason is the lack of historical loss data for this nascent sub-industry. Therefore, you have to negotiate to get better deals.?

Getting a Personal Cyber Insurance

This is a growing market, with several home insurance firms providing personal cyber insurance as an add-on to homeowners' or renters' insurance policies. They cover cyberattacks, identity theft, cyberbullying , data breaches, deceptive transfer fraud, and cyber extortion against you and your family. Moreover, they also provide services like lawsuit protection, access to fraud specialists, and active cyber monitoring.??

Top Names in the Cyber Insurance Industry

Top cyber insurance providers are Chubb, AIG, Travelers, Beazley and CNA. Companies in the United States account for the largest percentage of insurance premiums globally.

Way Forward?

Getting a carefully crafted cyber liability insurance is becoming crucial, especially when ransomware attacks are growing in number. Businesses, irrespective of their size and revenues, should continually assess their cyber exposure. There is a whole range of cyber risk quantification software available today. Lastly, a competent insurance broker can always help you in getting favorable terms.

However, focusing on internal cybersecurity is the ultimate life-saver. You must strive to prevent attacks before they can reach your systems. This can only happen if you prioritize cybersecurity through updated systems (both hardware & and software) and regular employee training. With greater internal controls, you have a better negotiating position with your insurance provider.?

Like, Share, and Comment if you found this article helpful!

Embark on a journey to transform your technological insights into compelling stories that capture hearts and minds. I am adept at fusing industry knowledge with the art of narrative, turning complex tech jargon into engaging content. Don't let your innovative ideas get lost in translation. Reach out to me and let's collaborate to create content that not only educates but also converts.

References:?

[1] Cost of Data Breach

[2] Don’t Negotiate Directly with Ransomware Attackers

[3] NotPetya Attack Reshaping Cyber Insurance

[4] Cyber Insurance calls for Multi-Factor Authentication ?

[5] Cybersecurity Insurance Has a Big Problem

[6] Do You Need Personal Cyber Insurance?

[7] Tips for Negotiating Your Cyber Insurance