The digital revolution has transformed the way business is conducted. Messages are communicated swiftly via email, payments are cleared online, and vendor and customer info is stored in databases for easy access. This has increased the pace of business and given rise to new value creation.
But it has also resulted in new security vulnerabilities and opportunities for criminals, who have almost unlimited digital means to steal data, assets, or otherwise disrupt business. To guard against data loss and cyber attacks, businesses need cyber insurance coverage.
Business leaders may have lingering questions and find themselves wondering, “What exactly is cyber insurance and why do I need it?”
To explain the answer, we will break this down into three sub-questions:
What is cyber security?
What is cyber insurance coverage?
Why do you need cyber insurance?
What Is Cyber Security?
The U.S. Department of Homeland Security defines cyber security as the art of protecting networks, devices, and data from unauthorized access or criminal use and ensuring the confidentiality, integrity, and availability of information.
According to the World Economic Forum’s Regional Risks for Doing Business Report, cyber attacks and data theft or fraud are considered among the greatest threats to businesses in North America and Europe.
Cyber criminals are more likely to be successful when their targets have inadequate cyber defenses or fail to follow best practices. A strong cyber security framework must consist of the following:
- Network security that controls incoming and outgoing traffic to block threats from infiltrating
- Access control with multi-factor authentication and deliberate permissions planning
- Up-to-date software with patches installed
- Antivirus scans to regularly remove malicious threats
- Data loss prevention (DLP) processes to ensure sensitive data is not lost or misused
- Employee training on cyber defense awareness and best practices
- Compliance with industry and government regulations
What Is Cyber Insurance Coverage?
Most businesses are familiar with general liability coverage, property liability, and auto insurance. While these insurance programs cover exposures such as personal injury and property damage, a cyber liability policy is designed to cover privacy, data, and network exposures that can result from a cyber attack.
According to PwC, one-third of U.S. companies have purchased some sort of cyber insurance. But in this digital era, all businesses have cyber risk. This leaves the remaining two-thirds of companies without coverage in the event of a cyber breach.
The nature of cyber threats are constantly evolving and can come in various forms including:
- Theft of funds
- Theft of trade secrets and intellectual property
- Data breach
- Distributed Denial of Service (DDoS) attack
- Social engineering
- Cyber extortion
As costly as these cyber attacks can be, it is often the crisis mitigation following an attack that drains far more resources from the victim—all the more reason to have robust cyber insurance coverage.
Why Do You Need Cyber Insurance?
Cyber insurance covers exposures unique to digital threats that your commercial general liability and errors and omissions insurance will not cover. Without cyber coverage, a business could be left paying out of pocket for damages related to a cyber breach and the costs that follow including crisis services, third-party damages, and legal costs.
Take the 2011 PlayStation Network breach as a cautionary tale. Hackers gained access to 77 million gamer accounts that included names, birth dates, addresses, email addresses, and in some cases, credit card info. The gaming service was down for days, costing Sony and partner game publishers millions of dollars in lost business. In the aftermath of the breach, 55 class-action lawsuits were filed in the US, for an estimated payout of more than $130 million.
Unfortunately, Sony did not hold cyber insurance. Its insurer, Zurich American Insurance Co., argued in court that Sony’s policy only covered “bodily injury, property damage, or personal and advertising injury,” not cyber damages. Sony was left to foot the bill on its own.
To avoid a situation like the one Sony experience, businesses must have a cyber insurance policy that matches their cyber risk profile.
Look for the following first-party coverages in a strong cyber insurance plan:
- IT Forensics Costs to cover the expense of tracking down the source of the computer system breach
- Notification Costs to notify individuals, businesses, and regulators following a breach
- Credit Protection Costs to provide credit monitoring services to the affected parties
- Crisis Management Costs to cover media liability costs, the cost of hiring a public relations firm, and a breach coach
- Crime and Social Engineering Coverage to help recoup funds that were involuntarily removed from accounts
Third-party liability coverage is also recommended for companies that host valuable partner data or network services. This can cover the costs of a personal identifiable information (PII) data breach, breach of contract, the transmission of software viruses, or regulatory actions brought forth.
Additional cyber insurance endorsements can include coverage for cyber extortion, cyber business interruption, and digital asset damage.
It’s best to work with an information security expert to determine which digital vulnerabilities should be covered in a cyber insurance program.
Tackle Cyber Risk Management with ProWriters
Cyber insurance can’t prevent an organization from falling victim to a cyber attack, but it can help to manage the risk, and ensure recovery should an attack occur.
ProWriters has the experience and expertise to help agents quickly find the right coverage for complex cyber exposures. Our long-standing partnerships with 30+ top cyber insurance companies mean agents and their clients will have the luxury of choice when it comes to safeguarding sensitive data and digital operations.