Like many businesses, your company probably uses computers to send, receive, or store electronic data. Such data might include sales projections, tax records, client privileged data, and other information owned by your business. If the data was lost, stolen or damaged due to a security breach (hack), it could be very costly to recover or restore.

Your IT system might also contain sensitive data that belongs to other parties such as customers, employees, or vendors. If the data is lost, corrupted, or compromised by a hacker, the owners might sue your company for damages. You can protect your business against the costs associated with a possible data breaches, data loss or data corruption by purchasing a cyber liability policy.

What Is Cyber Liability Coverage?

Cyber liability insurance covers financial losses that result from data breaches and other cyber events. Most cyber policies have the option to include both first-party and third-party coverages. Some coverages may be included automatically while others are available as an extension.
First-party coverages pay expenses your company directly incurs as result of the breach. Third-party coverages apply to claims against your company by people or companies that have been “injured” as a result of your actions or failure to act. For instance, a client sues you for negligence after a hacker steals his personal data from your computer system and releases it online.
There are many variations of cyber policies, and not all policies are the same. Insurers provide a range of coverages and can allow buyers to choose the ones they need, or think they need.

Possible First Party Coverages

Some types of first-party coverages you may possibly obtain in a cyber liability policy are listed below. These coverages are usually subject to a deductible.

• Loss or Damage to Electronic Data - Covers the cost to replace or restore electronic data or programs damaged, destroyed or stolen in a data breach, whether the data belongs to your company or someone else. Losses must result from a covered peril such as a hacker attack, a virus, ransomware, or a denial of service attack. Policies may also cover the cost of hiring experts or consultants to help preserve or reconstruct data.
• Loss of Income and Extra Expenses - Covers income losses you suffer and extra expenses you incur to avoid or minimize a shutdown of your business after your computer system fails due a covered peril. Some policies cover dependent income losses. These are income losses you sustain when your network provider's system has been breached.
• Cyber Extortion - Applies when a hacker breaks into your computer system and threatens to commit a immoral act like damaging your data, introducing a virus, initiating a denial of service attack, or releasing confidential data unless you pay a specified sum. Coverage typically extends to any extortion payment you make and expenses you incur in responding to the demand.
• Ransomware - is a form of malware in which rogue software code effectively holds a computer, or multiple computers, hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC, or network, as a computer “worm” or “Trojan horse” that takes advantage of open security vulnerabilities.
• Damage to Your Reputation - Some policies cover costs you incur for marketing and public relations to protect your company’s reputation following a data breach. This coverage may be called Crisis Management.

Each cyber liability policy contains a unique set of terms, and to understand the policy, you need to know what the terms imply.

Possible Third-Party Liability Coverages

The liability coverages afforded by a cyber policy are usually claims-made. Coverage typically applies to damages or settlements that result from covered claims as well as the cost of your defense.
A cyber liability policy may include a retention value, an amount you must pay out of your pocket before the insurer will make a payment. Some of the possible coverages are included in the list below:

• Network Security and Privacy Liability - Covers claims against your company for negligent acts, errors or omissions that result in a denial of service attack, unauthorized access, introduction of a virus, or other security breach of your computer system. Also could cover claims alleging you failed to properly protect sensitive data stored on your computer system. The data may belong to customers, clients, employees or to other parties.
• Electronic Media Liability - Electronic media liability insurance usually covers lawsuits against you for acts like libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement. Generally, these acts are covered only if they result from your publication of electronic data on the Internet.
• Regulatory Proceedings – Can possibly cover fines or penalties imposed on your company by regulatory agencies that oversee data breach laws. Also covers the cost of hiring an attorney to assist in your defense to a regulatory proceeding.

The Overview

Cyber liability policies protect your business from claims and expenses resulting from a data breach. Policies are not standardized and each one contains unique terminology that is both financial and Information Technology based. Most policies are flexible so you can choose the coverages you require. It would be important to note that a cyber liability policy does not cover any physical damage to equipment whatsoever. A cyber policy is intended to cover the data which, at times, can be more costly than the physical hardware itself. To obtain cover for the physical hardware, you would need to consider a Computer All Risk policy, or a Property All Risk policy.

If you should have any doubt as to the value of a cyber liability policy, we would suggest that you have a look at your existing policy(s), and note that, generally speaking, “Cyber Risk” is a direct exclusion to most policy’s. Contrary to various publications, this is a specialized policy so please contact us for further assistance.


Return to Insurance Types »