Do you need cybersecurity insurance?

Does your business receive, collect or store PII or PHI? Do you process payments and store credit card information? Do you use computers? If so, you probably need cyber liability insurance. Check out this handy scorecard to see how high your cyber risk might be.


What is Cybersecurity Liability Insurance?

Cybersecurity insurance, also known as cyber liability insurance or cyber risk insurance, helps businesses weather the storm of a future cyber attack. During an attack, hackers may break past your security systems to access and steal vital consumer data, gain access to your system, or lock you out completely and then demand a ransom.

Cybersecurity insurance helps protect against financial losses that result from attacks like those. Some policies also come with a security network that will go on alert when an attack happens.

Who Needs Cyber Liability Insurance?

Even if your company doesn’t do a lot online, hackers can still target your company. Phone numbers, credit card numbers and social security numbers might be stored in your company’s system online or on a computer and can be used by hackers to steal your customers identities.

If your company stores Personal Identifiable Information (PII) or Personal Health Information (PHI), your risk is even higher. PI includes social security numbers, driver’s license numbers, financial or medical records, or criminal history. PHI includes test results, diagnoses, and other private medical information.

Data breaches can happen at any time, and in a number of different ways. If you have some employees working remotely with company computers, anyone who has access to that computer could get into your system and cause a data breach. Or if you have a physical location where members of the public can enter without an ID card—like retail stores or public areas--a hacker could gain access to your system from there. If your employees use online systems to make or receive financial transactions, or if your company uses cloud based storage for anything, but particularly for payment information, your cyber risks may be greater than you think.

Check out this handy scorecard to see how high your cyber risk might be.

What does Cybersecurity Insurance Cover and Exclude?

Cyber insurance coverage often includes:

  • Notifying customers about a data breach
  • Legally, you are required to notify customers that there has been a data breach and that their information has been exposed. Costs associated with setting up a call center can be very high. Cyber insurance can help cover those costs.
  • Recovering compromised data and Restoring personally identifiable information of affected customers
  • If you need to recover data and restore identities, you may need to hire specialists to recover the data. That can get very pricey. If you have cyber insurance, you'll be able to get back to business sooner.
  • Repairing Damaged computer systems.
  • A cyber attack can punch a hole right through your systems, and they’ll need to be repaired.
  • Investigation of the incident
  • Investigating the incident is crucial because many cyber insurance policies don’t cover incidents caused by internal factors, like current employees or known vulnerabilities, that haven’t been addressed. The investigation will provide evidence that the attack was not of your own making—but these forensic experts come at a cost. Cyber liability insurance will cover the cost of forensic investigation if they approve your claim.
  • Ransomware attack payments based on coverage limits.
  • Sometimes hackers will lock you out of your own system, steal your data, or shut down service and demand ransom payments before they’ll give your system, data or service back. Cyber insurance can cover those payments up to your policy’s coverage limits.
  • Lost Income from a network outage
  • If your company lost income from a network outage during a cyber event, you may be able to recover some of that income with a claim to your cyber insurance.
  • Legal Services to help you meet state and federal regulations
  • Legal services can be costly but necessary to navigate the sometimes murky waters of state and federal regulations. You may also incur regulatory fines during a cyber incident, and cyber insurance can help with those.
  • Lawsuits related to customer or employee privacy or security
  • If a customer sues you after a data breach exposes their information, you’ll need to pay lawyer fees and may need to settle for damages. Cyber insurance can assist.
  • Risk assessment of future cyber incidents.
  • When you get a risk assessment, you’ll be made aware of your systems vulnerabilities that could be exploited in the future. Then you can take steps to strengthen your system and prevent future attacks. Some cyber insurance policies will cover claims that include risk assessment.

Cybersecurity insurance often excludes:

Just like arson, an insurance company may deny your claim if it turns out you set your own fire. In the cyber security world, that means that if there’s a security vulnerability you knew about and did nothing to correct, the insurance company may deny your claim. If your own employees initiated the incident, or if your company was negligent in handling their digital assets, the insurance company may conclude that you are liable for the damages.

Other situations are excluded, too. If you’ve experienced prior breaches, your new policy won’t cover any incident from before the policy was purchased. And your policy won’t cover the expense to improve technology systems, like security hardening.

Won’t my General Liability Insurance Cover Cyber Security?

Many business owners think they have a comprehensive package and that their general liability insurance will cover cyber attacks as well, but generally it does not. General liability insurance covers bodily injuries and property damage resulting from your products, services or operations. So if a customer ‘s wallet is stolen on your property, general liability will cover the cost of any legal fees. But if your customer’s identity was stolen because your data was breached, you’ll need specific cyber security insurance to notify them, restore their identities and cover legal fees.

What Kinds of Cyber Security Coverage Exists?

You might encounter a couple different types of cyber security coverage.

Privacy Notification and Crisis Management Expense Insurance

Privacy notification and crisis management coverage deals specifically with first party damage. It deals with the immediate response resources you may need, like hiring a forensics team or setting up a call center to notify customers of the data breach.

Information Security and Privacy Insurance

Information security and privacy covers the damages resulting from a data breach. It pays the actual liability claims resulting from stolen data. This insurance protects businesses that collect data like credit card numbers, bank account information, trade secrets or intellectual property.

Technology Errors and Omissions Insurance

Also known as E&O, Errors and Omissions is a form of coverage that protects businesses from the full cost of defending against a negligence claim made by a client. It also protects against costs associated with technology errors, like bad code that results in customers receiving other people’s information, mail or messages.

Depending on how your business works, what risks your company accrues and your current cyber security protections, you may need different levels of protections that are stronger in one area than another, or you may need a general protection level that will help in any scenario.

The Bottom Line

Cyber Security is no joke. Recovering from data breaches or other cyber incidents can cost hundreds of thousands of dollars. Your cyber insurance policy can help you weather the storm. Be sure to find cyber coverage that is tailored to fit your needs. Montgomery Insurance agents want to sit down with you and figure out what coverage will protect your company the best.

Download our checklist.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Share this article

Why Montgomery?

From the start of your relationship with a Montgomery agent, your insurance strategy is always monitored, always evaluated for efficiency and always subject to a cost-effective adjustment when needed.  It’s why our clients — our friends and neighbors in the Delaware Valley — have invested their trust and faith in us for more than 75 years.

Our Insights

What do you need to know about employment practices liability insurance (EPLI)?

What are your risks associated with Employment Practices Liability Insurance? Check out this scorecard to see!

Read Full Article

Do you need cybersecurity insurance?

Do you need cybersecurity insurance? Check out this handy scorecard to see how high your cyber risk might be.

Read Full Article

5 types of business insurance coverage

If you are evaluating insurance for a company here are 5 types of business insurance to consider.

Read Full Article