Will CGL Insurance Cover My Clients for Cyber Exposures?
CGL Policies May Cover Less Than Your Clients Think
In general, Commercial General Liability (CGL) insurance is a must-have for any business. CGL offers protection from financial loss due to injuries or property damage that occur on the premises. However, while CGL is considered comprehensive business insurance, it does not cover all types of risk. Despite the upsurge in incidents in recent years, CGL policies do not typically cover cyber exposures.
Because of this coverage gap for cyber incidents, businesses must acquire cyber liability coverage as a separate policy. Still, there is good news. Cyber policies are relatively inexpensive to maintain, yet they provide enough protection to save your clients thousands, or even millions of dollars in the event of an incident.
Read on to learn exactly how CGL insurance works and why your clients should prioritize getting an additional cyber policy.
What Damages are Covered by a CGL Policy?
Commercial general liability insurance protects your clients’ business from financial loss due to lawsuits that arise from everyday activities. It also covers non-professional negligent acts. Negligence refers to the principle that everyone must take reasonable measures to avoid injuring others. There are two primary kinds of negligence:
- Professional negligence means that work completed caused physical or financial harm to a customer. For example, if an accounting company makes an error on a tax return that triggers a costly IRS audit, the client could sue you for damages. Thus, CGL would not cover your client in the case of professional negligence.
- Ordinary negligence applies to the general public and occurs when a company fails to prevent injury to others. For example, if proper signage is not posted on a business property during construction and that resulted in a customer’s injury, the business might be accused of ordinary negligence. A CGL policy would cover your client in the case of ordinary negligence.
There are four different types of ordinary negligence that a CGL insurance policy covers. Here’s how to break them down for your clients:
- Third-party bodily injury. If a customer is injured in an accident involving your business, CGL insurance can help pay for medical expenses, including compensation for lost income, doctor visits, and physical therapy due to the accident. It also protects your business from the legal liability associated with bodily harm, should the customer decide to sue over the injury. Even if no physical harm has occurred, CGL can cover the costs associated with emotional distress.
- Third-party property damage. CGL insurance covers expenses to repair or replace customer property, should it be damaged accidentally by your business.
- Product liability. Even if harm doesn’t occur on the business premises, you could still be sued for damages if you manufacture, distribute, or sell products. A general liability policy will typically cover the legal expenses associated with a product liability lawsuit.
- Advertising injuries. If someone sues a business owner or employee of personal/advertising injury, CGL will cover the legal expenses. Personal/advertising injury includes the following:
- Malicious prosecution
- Misuse of another’s advertising idea
- Invasion of privacy
- Copyright infringement
- Wrongful eviction or entry
What Damages Does CGL Insurance Miss?
As mentioned above, CGL policies generally do not cover cyber liability. Some policies may claim cyber liability protection, but that coverage is minimal. Despite this, many people still hold the common misconception that CGL includes comprehensive cyber coverage.
Some businesses have had to learn this distinction the hard way. Sony became a high-profile example when its PlayStation network was hacked in 2011. The breach affected 77 million customers, costing the company an estimated $171 million dollars. Though Sony had assumed that its CGL policy through Zurich American Insurance Company would cover the costs, it only covered physical property damage. Fortunately for Sony, they were able to recover from the financial hit. A smaller company in the same position might not be so lucky.
Another example is the case of Portal Healthcare. After a data breach led to patient records being published online, the company attempted to seek compensation under its CGL policy. The case went to court, and in April of 2016, the Fourth Circuit ruled in Portal’s favor. But, Portal was only granted partial cyber coverage. The company did not receive the full benefits of a dedicated cyber liability policy, which would normally include first- and third-party costs, as well as a panel of expert services.
Even though cyber exposure is a significant business risk, many companies remain woefully unprepared. Cyber crime is expected to cost $6 trillion globally by 2021, and these incidents affect businesses of all sizes. In fact, as many as 43% of all cyber attacks are aimed at small businesses, and the average cost of an incident is $200,000.
What Damages Are Covered by Cyber Liability Insurance?
Cyber liability insurance is a specialized insurance product designed specifically with cyber exposures in mind. Modern policies cover damages related to malign cyber activity and are more comprehensive than ever before. CGL insurance will pay for both first- and third-party costs associated with a cyber breach.
First-party costs include the costs associated with notifying affected customers and employees of a data breach, as well as investigating the source and effects of the breach. Examples of first-party costs include the following:
- IT forensic costs
- Notification costs
- Credit protection costs
- Crisis management costs
- Crime and social engineering costs
Third-party costs cover the legal aspects of a data breach, including legal fees and the costs of settlements, civil awards, or judgments resulting from a lawsuit. Examples of third-party costs include the following:
- Breach of contract.
- Negligent protection of data.
- Network security breaches.
- Transmission of software viruses.
- Denial of service attacks.
- Defense of regulatory actions related to a breach.
- Fines, penalties, and assessments.
Cyber liability policies also cover additional costs associated with cyber extortion, business interruption, and digital damage assessments. Given that the average cost of a breach is $3.86 million, having a cyber policy in the event of an attack could make the difference in the survival of your clients’ businesses.
To learn more about cyber insurance and what cyber liability policies cover and exclude, join our Cyber IQ Comparative Rate Platform Broker Registration today! Or, speak with a ProWriters expert to learn how we can start helping you better serve your clients.