Understanding Cyber Insurance

The threat of a cyber-attack is too high, and the consequences can be devastating. At this point, it's important for all businesses to have cyber insurance regardless of their size, industry, or IT needs.

If your business stores or processes sensitive information like names, addresses, Social Security numbers, medical records, or credit card information you need cyber insurance.

But, as more small businesses choose to use and store digital data, the need for cyber insurance coverage has expanded. A few of the many businesses that should consider a cyber policy include healthcare, banking, financial firms, IT services, retailers, manufacturing, restaurants, marketing companies, contractors, real estate agents, and consultants.

What Cyber Insurance Covers

While standard policies vary, most will cover the following loss events associated with a data breach and other cyber incidents:

• Network security breach: 

This is the type of coverage that most people think about when they hear the term cyber insurance. It is intended to protect companies from the costs of viruses, malware, cyber extortion, data breaches, and data destruction. Covered expenses include legal (if sued), data breach and security analytics, and data recovery.

• Data privacy breach: 

There is some overlap between this type of cyber insurance and network security since privacy issues often occur from network troubles. The important distinction is that privacy coverage also protects against the loss of physical records like files tossed into a dumpster. 

• Errors and omissions: 

This is a type of professional liability insurance that protects companies, their workers, and other professionals against claims of inadequate work or negligent actions.

• Cyber business interruption: 

With this coverage, you can recover lost profits and have your fixed costs paid for after a cyber-attack that causes a network outage and service interruption.

• Media liability:

This coverage protects you when you’re liable for intellectual property infringement through digital or print advertising for the following broad areas: defamation, invasion of privacy, infringement of copyright, and plagiarism.

First-Party Coverage vs. Third-Party Coverage:

Cyber insurance has two components: third-party liability coverage and first-party coverage. 

First-party coverage provides protection against the financial losses your business incurs due to a data breach, hack, or other cyber events.

The third-party liability coverage provided by cyber insurance provides protection against lawsuits filed by clients or others against your business as a result of a breach of their security or privacy. 

What Cyber Insurance May Not Always Cover

Some standard policies don’t offer the following protections:

• Social engineering fraud: 

Business email compromise (BEC) attacks, in which executives are tricked into wiring money into outside accounts, and other forms of social engineering are not typically covered under most cyber insurance policies. Such attacks can also lead to liability claims and lawsuits against the impacted business.

• Bank account takeover: 

Banks won't cover you if cybercriminals manage to hack into your business bank account and withdraw funds. Coverage is available for this, but it's something businesses need to request. 

• Third-party mistakes: 

Some cyber insurance policies extend coverage to third-party providers, but many do not. If you use a third party to provide e-mail, cloud services, web hosting, customer relationship management, or any number of other services provided by third parties, this is a pretty big deal.

• Reputational damage: 

You may need to repair your company’s reputation to avoid losing business after a data privacy breach. However, most cyber insurance policies don’t offer such coverage because of the difficulty of quantifying the loss.

• Business interruption losses within the waiting period: 

After a cyber-attack occurs, the clock starts ticking. Most policies have a 10-12 hour waiting period before coverage kicks in. Even if you encounter business interruption for most of the workday, you may not be covered by your cyber insurance policy.

• Sales loss during downtime: 

Not all cyber insurance policies provide coverage for profits lost due to business interruption after a cyber-attack.

• Payment Card Industry (PCI) fines:

When a company is hit with a credit card breach, cyber insurance policies often cover the process of notifying customers and regulators. Even if you have cyber insurance, you may have to pay out of your pocket for any non-compliance fines issued to you by the Payment Card Industry.

• New Hardware / Software: 

The cost of hardware or software security fixes or replacements after a cyber-attack is typically not covered.

• Injury or property damage coverage: 

In certain industries, such as manufacturing with IoT systems, a cyber-attack could cause equipment malfunction, resulting in bodily injury or property damage, for example, spoilage of food due to refrigeration failure. Most cyber policies don’t cover such losses.

Cyber insurance is important to the financial well-being and future of your business. A single claim can be costly and difficult to overcome on your own. Cybersecurity insurance helps reduce the potentially devastating effects of a claim.

Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:

• Tri-Cities, Washington 509.396.6640
• Yakima, Washington 509.396.6640
• Bend, Oregon 541.848.6072

Questions about your IT or Cybersecurity? Give us a call today!