The New Climate of Cyber Security
As business organizations worldwide advance in complexity, cyber insurance is an increasing priority in maintaining online security. Breaches of sensitive employee and customer data in today’s technological era are a threat to any business and serve as a reminder that understanding technology’s complexities are vital.
This is especially the case considering that cyber liability insurance policies are subject to change every month as the advanced methods of cyber risks fluctuate constantly. For example, since the Covid-19 pandemic began in 2020, business practices have been devastated, with remote work suffering a 630% increase in cloud-based attacks.
Outlined below is a guideline for the basics of cyber liability insurance.
What Is Covered By Cyber Liability Insurance?
Most cyber liability insurances cover the general blanket of the most common cyber attack occurrences, ranging from data breaches, malware attacks, phishing attacks, and ransomware.
- Data Breach: A Data Breach is the intentional and unintentional release of private information or data to an unauthorized third party. It usually involves customer data, financial information, or inside knowledge of businesses.
- Malware Attack: Instability and damage are caused to a device (phone, computer, etc.) by malicious software embedded by a third party, typically intended for a business environment through an email or domain-spoofing.
- Phishing Attack: Commonly delivered through email and text messaging, phishing attacks are social engineering tactics that intend to retrieve sensitive information or data by fraudulent electronic communication.
- Ransomware: A malware attack where a ransom is held for encrypted information or data. This attack is often delivered on the promise that information or data will be released once the company pays the ransom.
Types of Security Provided by Cyber Liability Insurance
Privacy, security, operational, and service risks are companies’ most problematic risks, and larger businesses are especially vulnerable to cyber-attacks. Thankfully, cyber insurance helps provide business security by implementing four separate insuring agreements.
- Network Security: Crucial for many companies is network security coverage for information and privacy risk coverage. Network security failure will be covered by this agreement when it’s likely related to data breaches, malware infections, cyber extortion demand, ransomware, or business email compromise.
The following first-party costs that are suffered are the event of a cyber attack are addressed under Network Security Coverage:
- Legal expenses
- IT forensics
- Ransomware demand payment and negotiation
- Data restoration
- Consumer breach notifications
- Call center setups
- Expertise in public relations
- Identity restoration and credit monitoring
- Privacy Liability: Privacy Liability coverage is another vital asset for companies vulnerable to information and privacy risks. Liabilities resulting from a cyber attack or privacy law violation are covered under this agreement. These third-party expenses often result from various liabilities, ranging from contractual obligations to investigations regulated by governments and law enforcement.
Outlined below are two examples of coverage under privacy liability:
- Potential settlement funding after the occurrence of a cyber attack or data breach, along with organization defense from consumer class action litigation.
- Regulatory government or law enforcement investigations, both federal and foreign, result in legal expenses, fines, or penalties.
- Network Business Interruption: This policy is the ideal choice for companies who rely significantly on technology to operate their business, providing security and coverage regarding increased cyber operations risks. Personal networks or those of a secondary provider you rely on will be able to recover profits lost, additional costs, and fixed expenses that were the consequence of a business being the victim of a cyber attack.
This includes losses from cyber breaches such as:
- Third-party hacks which resulted in security failures
- Human error or failed software patches that were the result of a system failure
- Media Liability: Media Liability applies to business services advertising by covering any resulting intellectual party infringement other than patent infringement. Printed and online advertising involving social media activity is the most commonly covered under this agreement.
- Errors and Omissions: Meeting contract-based obligations and deadlines and delivering timely service to customers may be hindered in the face of a cyber attack. Claims that resulted from performance errors or failed service performance are covered under an Errors and Ommissions policy.
Lawyers, doctors, architects, and engineers are a few professionals who can utilize E & O coverage for their business practices, along with technology services such as software management and customer consulting.
In case of contract breaches or negligence accusations, E&O coverage will also address these situations. In addition, legal defense fees, customer lawsuits, and disputes resulting in indemnification fit into this category under certain circumstances.
Cyber Insurance Policies Are Not A One-Size-Fits-All
Many cyber coverage policies include a personalized combination of the coverage elements outlined above, with the fundamental agreements covered fully to policy limits in an adequately brokered cyber insurance policy. Additionally, regarding new buyers and business practices needing to be better understood and established, various coverage options are available that are more nuanced yet provide sufficient coverage.
Here are a few examples:
- Social Engineering: Social engineering coverage keeps businesses secure against fraudulent funds transfers, such as the risk of profit from persistent phishing emails. An all too common occurrence of this happening is when a malicious cyber hacker tricks an employee into transferring funds from a bank account.
Several current crime insurance policies utilize social engineering coverage, and it’s not uncommon to find them at higher sub-limits with more excellent coverage compared to insurance policies that are more cyber-specific.
- Reputational Harm: Reputational Harm involves brand reputation damage of a business due to the continuous profit loss sustained from a cyber attack. Generally, this is limited to a specific period in the wake of a publicized cyber attack, resulting in a public aversion to the company.
Cyber Insurance Exclusions: What’s Not Typically Covered
It’s essential to know that all cyber insurance policies limit what they can cover. These include:
- Foreseeable lost profits in the future
- Intellectual property theft that results in the loss of value
There are several grey areas regarding specific damages that insurance policies will pay, and you should never assume that your current policies will act as a general blanket under all cyber-attack occurrences.
Steps for those who were victoms of a cyber attack
If you were the victim of a cyber attack at your home or office, it’s really important to be in touch with an advocate as soon as possible. Public adjusters who specialize in cyber security can help navigate the murky insurance claim waters and ensure that you’ll receive the appropriate compensation as quickly as possible. They also do all the paperwork and investigations for you so that you can focus on rectifying the unfortunate situation. Crestview Public Adjusters has helped many people with cyber claims and we’re confident that we’d be able to help you as well. Call today for a free consultation.