Managing Threats With Cyber and Data Risk Insurance
In recent years, cyberattacks and security breaches against businesses have increased in frequency and severity, leaving many organizations wondering how best to protect themselves against these threats. Having the right insurance coverage in place can be a key tool in this effort. An individualized cyber and data risk insurance policy can help manage the impact of a cyberattack or data breach, protect businesses from financial damage, safeguard customer information and minimize downtime.
What is cyber insurance coverage?
A cyber insurance policy generally covers the cost for a business to recover from a data breach or other cyberattack, as well as any legal claims resulting from the breach. Any business that stores sensitive data—whether on a network or in the cloud—should have a cyber insurance policy.
Unlike most traditional insurance policies, there's no standard policy form for cyber insurance, and what policies cover can vary greatly based on the insurer. However, there are generally two types of cyber insurance policies: first-party coverage and third-party coverage.
First-party coverage usually covers the immediate and direct expenses that result from a cyberattack. These include:
- Notifying employees and customers
- Legal expenses resulting from the data breach
- Repairing or replacing any damaged software or hardware
- Business interruption or lost business opportunities while your network is down
- Credit monitoring for customers
- Any ransomware or extortion payments
Third-party coverage helps the company defend against lawsuits brought by customers and other parties as a result of the cyberattack or a data breach. This policy covers:
- Consumer class action lawsuits or potential settlement funds
- Legal fees and fines resulting from a regulatory investigation
- Media liability claims, such as libel or slander
- Breach of contract or negligence claims
Cyber and data risk insurance doesn't, however, cover costs associated with damage to the business brand, loss of revenues after normal business operations resume or drops in share price or market shares that may have resulted after the cyberattack or data breach.
Managing liability risks
One thing to keep in mind when exploring cyber insurance policies is what personal information is covered and how it's defined. After all, the biggest reason to invest in a cyber insurance policy is to address your company's liability for privacy or identity theft injuries, including the disclosure of private information or failure to comply with privacy laws.
Some policies will list specific personal information that it covers, such as name, address, social security number, health information, financial information and more. A better, more future-proof approach is a policy that covers a broad definition of personal information, encompassing anything used to identify a specific individual or subject to privacy law, including the Fair and Accurate Credit Transactions Act and the Health Insurance Portability and Accountability Act, or HIPAA.
Cyberattacks and data breaches can come from anywhere in the world, so it's a good idea to have a policy that prepares and protects your company from threats and claims originating from anywhere. Many traditional and property insurance policies include a war exclusion, which stipulates that damages incurred as a result of hostile or war-like actions by a state or nation-state actors won't be covered. Luckily, most cyber insurance policies don't include a war exclusion and will pay out when a private company is attacked by a state-backed hacker or cyber-terrorist.
Choosing the right coverage
Cyber insurance can help business owners respond effectively to a breach, cover associated costs and quickly move on from an attack. With the increasing frequency of data breaches, ransomware attacks and phishing scams, cyber insurance is an added layer of protection that enables businesses to call upon insurers in their moment of need.
Financial insights for your business
This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.