January 25, 2022
Matthew Kirkland

Learn the basics of Cyber Liability Insurance

What is Cyber Liability Insurance?

People insure their cars, their houses, their boats, their lives: all the things that are most important to them. Julia Roberts even insured her smile for $30 million! It is quite likely that your data is the most important or most valuable asset your company has, so it ought to be insured. Cyber Liability Insurance is coverage that helps protect businesses from the costs associated with data breaches and other cyber incidents, malicious attacks that are constantly on the rise. Comprehensive cyber insurance policies help cover the costs of forensic investigations, notification of impacted individuals, credit monitoring for those impacted, and even legal fees.

Why is cyber insurance important?

Even if you have the best network security, cyber insurance is essential for your company to recover from a data breach, loss, or corruption. The cost can involve business disruption, revenue loss, or damages to equipment or services.

Do small businesses need to worry about cyber liability insurance?

Let me make this perfectly clear: EVERYBODY needs to worry about cyber insurance. Cyber attacks of all kinds, including ransomware attacks, are constantly on the rise, and small to medium-sized businesses have become a favorite target. According to the 2021 Accenture Cost of Cybercrime Study, 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves. Of the study respondents, 66% report having been the target of an attack in the past 12 months, and 69% said they believe the attacks are becoming more targeted, with SMEs in the cross-hairs.

The real cost of cyber attacks.

In terms of dollars, Sophos, a British-based security hardware and software company, estimates the average cost of recovering from a ransomware attack was $1.85 million in 2021.

Not just about dollars.

The calculation would include numerous other factors besides cash such as:
  • Downtime – This time should be factored in when calculating the true cost of ransomware.
  • People hours – Calculating the total hours spent on recovery may not be possible, but it’s a factor to consider when looking at the total cost.
  • Stronger cybersecurity protections – A company that’s been attacked by ransomware will likely allocate more budget to avoid the same fate in the future.
  • Repeat attacks – One fact of being attacked by ransomware is that it makes businesses a target to hit again. Paying ransoms lets cybercriminals know you’re an easy mark.
  • Higher insurance premiums – Damages incurred by their customers are exceeding estimates, forcing premiums to rise.
  • Legal defense and settlements – If an attack affects customers, you can expect a lawsuit. For most companies, it’s cheaper and easier to settle than get in a long legal battle.
  • Lost reputation – Publicized attacks can jeopardize a company’s reputation and ability to maintain and develop their business.
  • Lost business – When customer trust is gone, the dollars tend to follow.

What are you insuring against? The most common attacks on small businesses.

The most common types of attacks on small businesses include:
  • Phishing/Social Engineering: 57%
  • Compromised/Stolen Devices: 33%
  • Credential Theft: 30%

What does cyber liability insurance cover?

Cyber insurance covers your business in the event of network security failure, and instances involving the breach of sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.

What are the 4 main covers under cyber liability insurance?

  • Data breaches
  • Malware infection
  • Cyber extortion demand
  • Ransomware

There are three general types of cyber liability insurance policies:

First-party coverage: This policy protects you from the costs associated with cyber attacks that occur within your own network.

Third-party liability: This policy covers any damage to others (customers, partners, vendors, etc.) that results from a data breach or ransomware infection on your network. This cyber insurance is not typically purchased by small businesses because it tends to be expensive and difficult for them to qualify for.

Business interruption: This policy helps you cover the costs associated with lost income and expenses when your business is unable to operate normally due to a cyber attack.

What does each type of policy cover?

First-party coverage usually includes protection for the following:
  • Forensic investigation fees
  • Notification costs
  • Credit monitoring for victims
  • Costs to notify customers who may have been affected by the data breach

Third-party liability coverage typically includes protection for:
  • Legal fees associated with a cyber security incident

Business interruption policies often include both first and third-party coverages. They can also offer additional benefits such as insurance against business income loss, crisis management, and extortion.

Examples of claims scenarios

First-party coverage:

You’re a small business and you’ve been the victim of a ransomware attack. Your data is encrypted and you can’t access it. The ransom demand is for $50,000. You use your cyber insurance policy to pay the ransom and get your data back. 

Third-party liability coverage:

You’re a small business and you’ve been the victim of a data breach. As a result, your customers’ credit card information has been compromised. You use your cyber insurance policy to cover the costs associated with notifying your customers and providing them with credit monitoring services. 

Business interruption coverage:

You’re a small business and you’ve been the victim of a data breach. As a result, your systems are not accessible and you’re unable to get a timely resolution. You use your cyber insurance policy to cover the costs associated with not being able to operate normally due to the data breach. This could include things like lost income, employee salaries, and rent or mortgage payments.

What’s typically not covered by cyber liability insurance?

As with home or auto insurance, cyber insurance isn’t a “one-policy-fits-all” product. Different policies can have different cyber coverage, so it’s important to understand what is and isn’t covered by any policy you’re considering. Below are some examples of things typically not covered by cyber insurance policies:

  • Theft of physical assets like computers or servers
  • Employee dishonesty
  • Acts of God like floods or earthquakes
  • Intentional acts by employees, contractors, or other third parties that are not done in the course of their employment with your business. If an employee’s actions result in a data breach, they would be considered intentional and wouldn’t typically be covered under most policies. There may be exceptions, so be sure to check with your cyber insurance provider.
  • Ransomware and other cyber attacks that don’t specifically target your business

Like with any other business insurance, it’s important to read through the terms of any policy you’re considering to make sure you understand what is and isn’t covered. Cyber insurance can be a valuable tool for businesses, but make sure you understand the policies available to you before purchasing.

How much does cyber liability insurance cost? 

Like most other insurance, the cost of cyber insurance varies significantly depending on the company, your business, the type of policy, and the amount of coverage purchased. If you’re not sure how much coverage you need, talk to your agent about what type of protection would work best for your business. Make sure you get all of the details before signing on the dotted line! The last thing you want is more headaches when you’ve just been hacked.

Ways to save

A good idea for businesses that want some extra protection without spending too much money is buying a policy through their bank or credit union instead of getting one directly from an insurer. This could save them money on premiums while still providing plenty of coverage.

While not cheap, cyber insurance is generally less expensive than other business insurance policies like property or liability insurance.

Does cyber liability insurance have a deductible?

Yes. As with any insurance coverage, it has a minimum deductible. You may choose your deductible as an option in order to secure your cyber insurance. A deductible represents the amount you must pay before coverage begins. This policy applies yearly to your cyber policy if your company loses its business. Often, choosing a higher deductible means you receive lower rates on premiums.

Is cyber liability insurance right for my business?

I stated earlier that EVERY business should have some degree of cyber liability insurance as protection against cyber risks. But, how much and what type of cyber insurance really depends on your risk tolerance, the type of business you’re in, and how important data breach protection is to you. Cyber insurance can be a valuable tool in helping businesses manage the risks associated with doing business online. It is important to note that not all businesses are eligible for every policy, so be sure to speak with an agent to see what is available to you.

How do I become eligible for cyber insurance cover?

No insurance company is going to give you any sort of coverage until they know you have done everything you can to make your systems as secure as they can be. There are some key items that insurers will want to see in place, some mandatory and some highly suggested. The more of these items the company has in place, the lower their cyber insurance cost.

Must Haves

With so many cyber risks out there today, insurance companies will insist that at least the following security measures be in place:

  • Multi-Factor Authentication (MFA) engaged for all remote access points (including web mail), for access to privileged accounts, and for all cloud provider services.
  • Endpoint Detection and Response (EDR) software engaged
  • Must use next-generation antivirus (NGAV) to protect all endpoints across the enterprise
  • Must use a Security Operations Center (SOC) tool to monitor systems 24/7

While these are likely non-negotiable issues for cyber insurance coverage, there are other things you can do to potentially lower your premiums. For instance, you could initiate a regular patch update protocol, utilize protective DNS services such as Zscaler or Quad9, and institute regular phishing/social engineering training for employees. Anything you can do to minimize cyber risk can lower your cyber liability insurance quote.

Decision Time

There was a time, a quite recent time, when I would have said, unequivocally, that every business, no matter the size, must have cyber risk insurance coverage. And while that statement remains true, mostly due to the constant proliferation of cyber risk, I will temper it with a mention of the incredible increase in the cost of these policies, increases that put them out of the reach of some smaller businesses. But if you can afford it, do it. No matter how small your company may be, you are at risk for a cyber attack. At Nerds On Site, we understand the importance of protecting your data and have the proven solutions to keep you covered. Contact us today to learn more about our cyber liability insurance policies and how they can help protect your business from potential threats.