Risk Management · July 29, 2021

Managing Threats With Cyber and Data Risk Insurance

In recent years, cyberattacks and security breaches against businesses have increased in frequency and severity, leaving many organizations wondering how best to protect themselves against these threats. Having the right insurance coverage in place can be a key tool in this effort. An individualized cyber and data risk insurance policy can help manage the impact of a cyberattack or data breach, protect businesses from financial damage, safeguard customer information and minimize downtime.

What is cyber insurance coverage?

A cyber insurance policy generally covers the cost for a business to recover from a data breach or other cyberattack, as well as any legal claims resulting from the breach. Any business that stores sensitive data—whether on a network or in the cloud—should have a cyber insurance policy.

Unlike most traditional insurance policies, there's no standard policy form for cyber insurance, and what policies cover can vary greatly based on the insurer. However, there are generally two types of cyber insurance policies: first-party coverage and third-party coverage.

First-party coverage

First-party coverage usually covers the immediate and direct expenses that result from a cyberattack. These include:

  • Notifying employees and customers
  • Legal expenses resulting from the data breach
  • Repairing or replacing any damaged software or hardware
  • Business interruption or lost business opportunities while your network is down
  • Credit monitoring for customers
  • Any ransomware or extortion payments

Third-party coverage

Third-party coverage helps the company defend against lawsuits brought by customers and other parties as a result of the cyberattack or a data breach. This policy covers:

  • Consumer class action lawsuits or potential settlement funds
  • Legal fees and fines resulting from a regulatory investigation
  • Media liability claims, such as libel or slander
  • Breach of contract or negligence claims

Cyber and data risk insurance doesn't, however, cover costs associated with damage to the business brand, loss of revenues after normal business operations resume or drops in share price or market shares that may have resulted after the cyberattack or data breach.

Managing liability risks

One thing to keep in mind when exploring cyber insurance policies is what personal information is covered and how it's defined. After all, the biggest reason to invest in a cyber insurance policy is to address your company's liability for privacy or identity theft injuries, including the disclosure of private information or failure to comply with privacy laws.

Some policies will list specific personal information that it covers, such as name, address, social security number, health information, financial information and more. A better, more future-proof approach is a policy that covers a broad definition of personal information, encompassing anything used to identify a specific individual or subject to privacy law, including the Fair and Accurate Credit Transactions Act and the Health Insurance Portability and Accountability Act, or HIPAA.

Global protection

Cyberattacks and data breaches can come from anywhere in the world, so it's a good idea to have a policy that prepares and protects your company from threats and claims originating from anywhere. Many traditional and property insurance policies include a war exclusion, which stipulates that damages incurred as a result of hostile or war-like actions by a state or nation-state actors won't be covered. Luckily, most cyber insurance policies don't include a war exclusion and will pay out when a private company is attacked by a state-backed hacker or cyber-terrorist.

Choosing the right coverage

Cyber insurance can help business owners respond effectively to a breach, cover associated costs and quickly move on from an attack. With the increasing frequency of data breaches, ransomware attacks and phishing scams, cyber insurance is an added layer of protection that enables businesses to call upon insurers in their moment of need.


Financial insights for your business

No results found

This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.

Links to third-party websites may have a privacy policy different from First Citizens Bank and may provide less security than this website. First Citizens Bank and its affiliates are not responsible for the products, services and content on any third-party website.