What is cyber liability insurance?

By Allstate

Last updated: January 0001

Cyber liability coverage, often referred to as cyber liability insurance, helps protect businesses in the event of cyberattacks, data breaches, and other digital threats. Data breaches alone resulted in 1.3B victim notices in 2024, according to the Identity Theft Resource Center (ITRC). Every business operating online should assess its level of risk and consider whether investing in cyber liability coverage makes sense for it.

What does cyber liability insurance cover?

Cyber liability insurance typically covers financial losses and expenses resulting from a cyberattack or data breach. Coverage is divided into first-party and third-party protections (detailed below), with additional options available based on the type of policy.

First-party coverage

First-party coverage helps businesses cover the direct costs of a cyberattack. The Federal Trade Commission (FTC) lists the following example costs:

  • Legal expenses to determine notification and regulatory obligations
  • Recovery and replacement of lost data
  • Customer notification and call center services
  • Lost income due to disruption
  • Crisis management and PR
  • Cyber extortion and fraud
  • Digital forensic services to investigate the crime
  • Fines, fees, and other penalties related to the incident

Third-party coverage

Third-party coverage addresses liability if a third party files a claim against you resulting from the cyberattack. According to the FTC, this coverage could extend to:

  • Payments to affected customers
  • Claims and settlement expenses
  • Losses related to defamation, copyright or trademark infringement
  • Costs for litigation or regulatory inquiries
  • Accounting costs
  • Any other settlements or damages up to the coverage limit

Additional coverage options

First-party and third-party coverage address many of the scenarios cyber liability insurance is meant for, but there are instances they do not cover. For those scenarios, you may be able to purchase additional coverage. This can include:

  • Coverage for cyber extortion and fraud
  • Fines not covered by first or third-party coverage
  • Coverage for navigating ransomware attacks

What doesn't cyber liability insurance cover?

Cyber liability insurance can be a great option for many businesses, but there are limitations on what’s typically covered. Usually, cyber liability insurance won’t cover the following, according to Trava Security:

  • Future profit losses resulting from a cyber attack
  • Decreases in company value
  • Upgrades to your security system in the aftermath of an attack

How much does cyber liability insurance cost?

Cyber liability insurance can cost anywhere between $500 and $5,000 per year, according to the Cyber Readiness Institute. These costs are influenced by several factors, such as business size, the level of coverage, and the specific deductible that you select.

Is there a difference between cyber liability insurance and data breach coverage?

Yes. While there is an overlap between cyber liability and data breach insurance, they are different. Data breach insurance is narrower than cyber liability insurance. It tends to focus on data breaches specifically, helping small businesses quickly react after a data breach. This coverage may include:

  • Notifying affected customers, patients, or employees
  • Hiring PR resources
  • Offering credit monitoring services to victims of the data breach
  • Business income and extra expenses related to the breach
  • Prior acts coverage, to cover claims related to breaches that happened before the policy’s activation date
  • Extortion coverage

Cyber liability insurance is similar to data breach insurance in terms of coverage but also provides financial assistance with expenses related to litigation, regulatory fines, etc.

Do I need cyber liability insurance for my business?

Cyber liability insurance is not a mandatory business insurance coverage, but the costs associated with a cyberattack can be considerable. Do your research when you assess your risks and consider what sorts of data you handle. Cyber liability insurance can be useful if you deal with particularly sensitive data such as:

  • Customer personal information
  • Employee personal information
  • Confidential business data

Most states now require companies to notify individuals if a data breach may have compromised their personal information, according to the FTC. Federal laws also require most institutions to notify individuals if their personal health information has been compromised. Other compromised information could include Social Security numbers, driver's license or passport numbers, financial information (such as account numbers), digital signatures, or passwords, explains PrivacyRights.org.

Check to see if your existing business owners policy (BOP) includes data cyber liability insurance. It may help pay for expenses related to notifying affected individuals after a data breach.

How can I help prevent a data breach at my business?

The first step you can take to reduce your risks of data breaches is to reduce the number of potential vulnerabilities by restricting employee access to sensitive customer or employee information, explains the FTC. Only allow access to information that is relevant to an individual’s job functions.

Enforce strong password policies

Ensure that your employees are using strong passwords. Require employees to use complex passwords with a combination of letters, numbers, and special characters. Make sure that everyone knows what a secure password means.

Additionally, you can opt in to two-factor authentication or multi-factor authentication (MFA), explains the National Cybersecurity Alliance. This feature requires users to provide an additional identifier (such as a code sent to their phone, a fingerprint, a notification in another app, etc.) to verify that it’s actually the person trying to log in.

Update your software regularly

By updating software in a timely manner (such as operating systems, applications and firmware), you can help lower the chance that cyber criminals exploit software vulnerabilities, says the Cybersecurity & Infrastructure Security Agency (CISA). This extends to applications that process internet data, such as browsers, browser plug-ins, document readers, and more.

Back up your data offline

Maintaining offline backups of data can help you get your systems back up if you are the victim of an attack, according to CISA. It is important to have a copy offline, as certain ransomware attacks seek to delete backups of your system that are accessible online.

Educate your employees

Finally, training your employees on good cyber hygiene and how to identify phishing scams and other potential threats is vital to shoring up your business’ readiness.

If a data breach occurs at your business despite your best efforts, cyber liability insurance and data compromise coverage can help you respond to the crisis. To learn more about this coverage and other coverage options available for your business, contact your insurer.