Cyber Liability: Glossary of Terms

Every business that uses technology or conducts business online faces cyber risks. A cyber attack or breach is costly to restore operations.

‍

The loss of personally identifiable information could also trigger third-party claims or lawsuits. Your business can protect itself against the costs associated with cyberattacks with cyber liability insurance. 

‍

In this post, we’ll highlight the importance of cyber liability insurance, best practices for choosing a policy, and cyber insurance definitions.

‍

What is Cyber Insurance?

Cyber insurance is a policy designed to protect businesses from events of cyber attacks, data breaches, and other cyber security issues. The policy typically covers financial losses arising from hacking, data breaches, viruses, cyber extortion, and denial of service. Coverage may also extend to legal costs to defend claims, regulatory fines and penalties, and mandatory forensic audits. 

‍

Cyber insurance can help shield a business from losses resulting from cyberattacks. The cost of a cyberattack can place a financial burden on your business. You may need to shut down indefinitely to conduct investigations and determine the extent of the attack. 

‍

Cyber insurance can help cover lost revenue due to halted operations or loss of sales due to a damaged reputation. This insurance also helps businesses comply with state regulations that require them to notify their customers of data breaches.

‍

Who Needs Cyber Insurance?

Every type of organization, from multinationals to brick and mortar shops, needs cyber insurance. As technology gets more sophisticated and complex, so do the cyber threats businesses face. Every company, regardless of size, may find value in cyber liability insurance.

‍

A business that uses, sends, or stores electronic data needs cyber insurance. This data, whether it belongs to the business or customers, is vulnerable to data breaches and cyberattacks. 

‍

Cyber liability insurance is no longer exclusively designated for healthcare and technology industries. Most businesses store, send, or receive data digitally. Some of this electronic information includes: 

‍

• Credit and debit card information
• Bank account and routing numbers
• Social Security Numbers (SSNs)
• Taxpayer Identification Numbers (TINs)
• Home addresses

‍

For instance, a bank could suffer a cyberattack that leaks confidential client information. Hackers who gain illegal access to sensitive customer information can use it for cyber extortion and ransom attacks. Cyber liability insurance can help a bank cover the financial losses associated with this compromised data. The insurance may cover investigating the breach, recovering and restoring the information, and notifying customers of the breach.   

‍

Cyber Insurance Coverage

There’s no standard cyber insurance policy, so coverage may vary widely depending on the insurer you’re buying the policy from. At a minimum, cyber insurance coverage protects a business from expenses and claims arising from a cyber attack, data breach, or hacking. Coverage may either be in the form of first-party or third-party coverage. 

‍

First-Party Coverage

First-party cyber coverage protects your business data, including customer and employee information. It pays for any immediate expenses that your business incurs after a cyberattack. Coverage includes financial expenses related to: 

‍

• Lost income following an interruption in business operations
• Recovery and replacement of stolen or lost data
• Repairing any damaged hardware or software
• Customer notification services to alert customers about the breach
• Crisis management and public relations to rebuild the damaged reputation
• Forensic services to investigate the data breach
• Cyber fraud and extortion
• Legal counsel to establish notification and regulatory obligations
• Penalties, fines, and fees related to the cyber incident

‍

Third-Party Coverage

Third-party cyber coverage typically protects your business from claims of liability against your business by others. Coverage typically includes: 

‍

• Payments to customers affected by the cyberattack or breach
• Claims and settlement expenses for related disputes and lawsuits
• Privacy lawsuits for breaching the privacy of employees or customers
• Media liability claims for losses related to copyright or trademark infringement, defamation, libel, or slander
• Negligence or breach of contract claims

‍

Besides first-party and third-party coverage, insurance companies may also provide risk mitigation services to help identify and avert cyber threats before they happen.

‍

Like other insurance contracts, cyber liability insurance doesn’t cover some types of claims. Review your policy’s fine print to understand what exclusions apply to your coverage. Cyber insurance doesn’t cover:

‍

• Claims of bodily injury or property damage. 
• Loss of property
• Intentional dishonest and fraudulent acts committed by the insured
• Contractual liability
• War and terrorism
• Incidents occurring before the policy becomes effective
• Preventable security issues, like mishandling digital assets or poor configuration management
• Costs incurred to improve cyber security infrastructure after a loss has occurred
• Infrastructure failures not resulting from a cyber attack

‍

When purchasing cyber insurance, businesses agree to maintain the appropriate security measures to prevent cyber incidents from happening. Coverage may be denied if you don’t uphold these security measures.

‍

Most cyber insurance policies carry a liability limit of $1 million per occurrence, a $1 million aggregate limit, and a $1,000 Self-Insured Retention, or deductible. 

‍

Cyber Insurance vs. General Liability Insurance

Cyber insurance and general liability insurance are must-have policies for businesses. They can’t be substituted for each other. 

‍

General liability insurance protects a business against claims of bodily injury or property damage resulting from your business operations. A standard general liability policy covers: 

‍

• Bodily injury and property damage to third parties 
• Personal and advertising injury, including libel, slander, copyright infringement, and invasion of privacy
• Medical payments for injuries sustained by others on your business premises or during its operations

‍

Cyber liability insurance is a specialized business insurance policy designed specifically to cover cyber exposures and perils. Standard general liability insurance does not protect against cyber risks. This coverage gap requires businesses to purchase a separate policy to cover cyber incidents.  

‍

Best Practices for Choosing a Cyber Insurance Policy  

Cyber insurance policies may differ in what’s covered, so you need to pick the right policy for your business’s needs. The first step toward purchasing the right cyber insurance policy is assessing your cyber risks.

‍

Contact an insurance agent who is knowledgeable about these specific policies. They can assess your business coverage options, policy limits, and any coverage gaps.

‍

Read and understand the terms of your policy. For instance, know what your policy covers and what it will exclude in the event of a cyberattack. 

‍

Cyber Insurance Definitions

Understanding the terms may also help establish whether the policy matches your business risks. Here are a few cyber insurance definitions: 

‍

• Business Interruption (Cyber): Lost business income due to the inability to conduct business or take in revenue because of cyber or network interruptions. This can apply to interruption of the insured’s own business, or dependent business interruption, which is when a business a company relies on for income is interrupted due to cyber failures.
• Data Breach: When an unapproved entity accesses private personally identifiable information on a business, its employees, and customers.
• Extortion: When a company’s system is held hostage by an unauthorized entity and won’t be released until they have been paid a ransom.
• First & Third Party Liability: First-party liability is for one’s own business, and the third party is for another business that the insured has a responsibility to. Cyber liability usually covers both one’s own losses due to their actions and losses caused by external businesses. 
• PCI Compliance: If a business accepts any payments from credits directly through its own proprietary system, they are legally required to follow a set of standards set by the  Payment Card Industry Data Security Standard (PCI DSS). There are fines and penalties that could be associated if a business’s PCI system becomes compromised. 
• Personally Identifiable Information (PII): The private information entrusted to a business by their employees or clients: made up of names, email addresses, phone numbers, health information, order history, etc.
• Phishing Emails: A common way to breach a business's computer system is by sending a fraudulent email that deceives the recipient into opening content that could compromise their computer system.

‍

Get Cyber Liability Insurance

Cyber liability insurance protects your business from costly cyberattacks. Contact your licensed insurance agent and ask them to get you a Pathpoint quote today.