Cyber attacks present companies with an enormous financial risk. From phishing attacks that capture credit card details to crippling malware infections, recovering from these incidents can be both time consuming and costly.
Cyber insurance provides businesses with protection from data breaches and cyberattacks that are increasingly commonplace due to e-commerce, remote work and digital security threats. All businesses should consider this coverage for optimal operations.
What is Cyber Insurance?
Cyber liability coverage protects businesses against the financial losses caused by cyberattacks, covering costs associated with forensic investigation, malware remediation and data breach notification expenses as well as potential legal fees related to an attack.
While traditional business insurance policies such as general liability or errors and omissions cover physical damage to property, they do not typically provide coverage for digital assets like jet skis or smart lock bikes rented out to customers. Should an attack lead to their malfunctioning, such as cyber insurance can help pay to repair or replace them as necessary.
Cyber insurance provides liability protection from threats like extortion, ransomware payments and other online-related risks that may come your business’s way, including public relations support when an incident happens and crisis management assistance when one does. Cyber insurance should be considered especially essential by businesses that store personal data like credit card, Social Security and bank account numbers or those that produce and transmit digital content such as restaurants, fitness studios or tour guides.
Coverage Types
Businesses are turning to cyber insurance policies in increasing numbers to protect themselves against online threats. While traditional commercial liability policies do not typically cover digital risks, specialized cyber policies provide coverage against specific risks that businesses encounter online.
Information security breaches involving hackers obtaining customer or proprietary data remain a serious threat for businesses, while regulatory bodies often enforce stringent standards on how businesses must manage and store sensitive information, with potentially serious repercussions if noncompliance occurs.
Some cyber insurance policies cover the costs associated with responding to a data breach, including conducting forensic investigations, notifying affected individuals, providing credit monitoring services and more. First-party policies may even include coverage for ransomware payments as well as public relations expenses associated with managing reputational damage due to cyber attacks.
Coverage Limits
An all-purpose cyber policy may not provide sufficient coverage. An experienced broker can assist in assessing their individual needs and designing an adequate policy.
The amount of coverage needed depends on a business’s risk exposure and size/complexity of operations, for instance a retailer storing personal information of thousands of customers may require much higher limits than an IT services provider managing systems for only several clients.
Many insurance markets take into account how much data a business processes or stores annually as this can have an effect on underwriting and premiums. This is especially relevant to organizations handling an enormous volume of personal data; such organizations often incur higher expenses associated with breach response efforts and must purchase credit monitoring services following any data breach; moreover, such companies become attractive targets for cyber criminals.
Exclusions
In certain instances, insurers exclude coverage for specific forms of cyber incidents – such as phishing and ransomware attacks, as well as cyber extortion involving stolen credentials or sensitive data. They may also exclude losses caused by failing to implement security best practices like multifactor authentication and strong password policies.
Many cyber policies contain general exclusions for acts of war or terrorism; when considering this exclusion in relation to war, it’s crucial that one determines whether this includes cyber attacks committed by foreign entities against their own citizens.
Businesses operating in industries like hospitality or healthcare may experience long-term costs associated with losing customer trust and regulatory fines due to data breaches. These costs can be mitigated with an effective cyber insurance program with high per-occurrence and aggregate limits that support business operations, along with time deductible coverage to protect against short-term outages or revenue loss. Guy Carpenter’s global team of brokers, contract consultants, product innovators, and analytic experts offers clients expert assistance for their cyber reinsurance needs, from analysis of emerging model wordings and silent stress tests through scenario modeling for both historic and potential threats.