What is Cyber Liability Insurance? Is It Worth It?

Q: What are the main benefits of cyber liability insurance for small businesses?

Cyber liability insurance offers small businesses critical protection against the financial and operational fallout of cyber incidents, such as data breaches, ransomware attacks and phishing schemes. It typically covers costs related to data recovery, legal fees, regulatory fines, customer notification and even public relations. For small businesses with limited resources, this coverage can mean the difference between recovering from a cyberattack or shutting down altogether.

There was a time when bad business decisions, unpredictable markets, fires, floods and robberies were the kinds of things that caused businesses to incur losses. But our ever-expanding cyber universe has opened the door to cybercrime, and now companies can go under from a severe cyberattack. In step with this increasing vulnerability, insurance companies offer policies to protect businesses from such attacks. Cyber liability insurance reimburses businesses for financial losses resulting from data breaches and other cyber events.

What Does Cyber Insurance Cover?

Naturally, the first thing you’ll want to know is what does cyber insurance cover? As with most insurance policies, the coverage and costs vary between insurance companies. There are two basic types of coverage:

First-Party Coverage – Pays out-of-pocket expenses that a company directly incurs as the result of a cyberattack
Third-Party Coverage – Covers damages or settlements a business must pay related to lawsuits resulting from its actions or inactions after a data breach

Like most insurance policies, the choices vary in the range of coverage, policy limits, optional riders and deductibles.

Q: What are the main benefits of cyber liability insurance for small businesses?

A: Cyber liability insurance offers critical protection against the financial and operational fallout of cyber incidents, such as data breaches, ransomware attacks and phishing schemes. It typically covers costs related to data recovery, legal fees, regulatory fines, customer notification and even public relations. For small businesses with limited resources, this coverage can mean the difference between recovering from a cyberattack or shutting down.

What Does First-Party Cyber Insurance Usually Cover?

Here are some typical first-party coverages you’ll find in a cyber liability policy:

Loss of Income – In addition to the loss of income sustained by a business from having to shut down from a covered cyber event, the policy will also cover additional expenses incurred by the company to restore its regular operations fully
Data Restoration – This coverage will pay for the cost to replace or restore data and software damaged by a cyberattack and generally covers a wide array of potential cyber perils, including direct hacker attacks, viruses, malware, etc.
Ransomware Attacks and Extortion – If you pay a ransom to a cybercriminal holding your system hostage, the insurance company will work with the insured business and, in some cases, even hire a ransom negotiating specialist to assist
Notifications – The insurer reimburses any expenses related to notifying all parties affected by the cyberattack. In most states, laws require businesses to inform individuals when there’s the possibility that their data has been breached. These notifications are of particular importance to high-compliance, small and midsized businesses, such as law firms and medical practices. Some insurers also offer extra services such as ongoing credit monitoring for a set period
Crisis Management – Many cyber liability policies afford crisis management services to help the business navigate the issues. These could include forensic accountants, attorneys and computer specialists. When appropriate, public relations experts might be employed to help mitigate the PR damage caused by a cyberattack

Q: Are cyber insurance premiums affordable for small businesses?

A: While cyber liability insurance is becoming more accessible, cost can still be a barrier for very small or budget-strapped businesses. Premiums vary depending on the size of the company, the type of data it handles and its current cyber security posture. Businesses that lack basic protections may face higher premiums or even be ineligible for coverage until they improve their defenses.

Lawsuits and Other Post-Cyberattack Claims

Most cyber liability policies include coverages for claims made by third parties. The coverage generally includes reimbursement for any costs related to legal defense and settlements with third-party claimants. There are three basic categories of claims that will typically be covered:

Network Security and Privacy Breaches – These are related to claims of negligence in cyber security and privacy invasion. The cyber policy will indemnify the business and cover the cost of the claims
Regulatory Proceedings – Fines and regulatory penalty fees imposed by governing agencies. The cost of an attorney is also covered
Electronic Media Liability – These are legal claims like slander, libel, invasion of privacy and copyright or domain infringement from the publication of electronic data breached by the cybercriminal

What Does Cyber Insurance Not Cover?

The good news is that a long list of cyber events is covered. Here are some typical liability exclusions:

Property Damage and Bodily Injury
Contractual Liabilities
Illegal Acts Perpetrated by the Insured
Acts of War and Terrorism
Power Failures
Actions Committed Before the Cyberattack

The FBI has reported a 400% increase in cyberattacks on small and midsized businesses since the pandemic. The best insurance against a cyberattack is never to have one. If you haven’t yet fallen victim to a cybercrime, you should act now to take the necessary steps to protect your data. You might be using some protective measures already, but as cybercrime rises and your business grows, your network surface attack area for hackers grows, too. It is essential to hire experts to provide a cyber risk analysis of all your systems and networks.

Q: Can cyber insurance replace a robust cyber security strategy?

A: Simply consider the answer to “What does cyber insurance not cover?” to understand that a policy should never be seen as a substitute for strong cyber security practices. It’s a reactive measure that provides financial assistance after an incident, but it does not prevent attacks from occurring. Businesses must still invest in preventative tools, such as firewalls, encryption, employee training and regular audits, to reduce their exposure and avoid policy exclusions.

How Cyber Security Firms Help Answer: What Is Cyber Liability Insurance?

Are you confused about what does cyber insurance cover and what does cyber insurance not cover? Firms that specialize in preventing cyber threats have an array of solutions to protect against cybercrimes, and they can help unravel your questions, even ones as basic as “What is cyber liability insurance?” They work with small and midsized businesses to establish cyber security best practices that help ensure confidential data has the best protection possible.

Most cyber insurers require proof of network security practices before issuing a policy. Companies should get an assessment ahead of time to understand the gaps in their security and get started on protecting network business data. Working with IT security providers can reduce your insurance costs and help prevent claims in the first place. Reach out to us if you are in the Greater New York City area, or contact a local cyber security firm that can assess your cyber risks, advise you on needs and work with you to ensure you have the best protection possible for your business.