Businesses rely on data for just about everything these days, so it’s no surprise that data breaches are becoming more and more common. Data breaches, also called cyber attacks, occur when a hacker gets access to sensitive data and protected information that is stored on the internet, servers, computers, and personal devices.
Regardless of the size of your business, data breaches can be incredibly costly. Data breaches can happen to any organization, but they are especially common among small businesses that often lack robust security measures. To protect against potential breaches, I recommend that all business owners look into data breach insurance and consider adding it to their insurance portfolio.
What is cyber liability insurance?
As the name suggests, cyber liability insurance protects your business against legal and financial fallout from cyber attacks. It covers things like your attorney fees and notifying customers of a breach, but I’ll talk more about that later.
There are lots of different types of data breaches, and a good cyber liability insurance policy will cover most of them. That includes standard data breaches, as well as ransomware attacks, DoS and DDoS attacks, phishing scams, malware, and more.
For the purposes of this article, I’m going to use the terms cyber liability insurance and data breach insurance interchangeably. Although these can be sold as two separate policies, they offer virtually the same coverages. Data breach insurance is sometimes less robust because it only covers your financial responsibility.
What does cyber liability insurance cover?
Cyber liability insurance covers business expenses related to a data breach or cyber attack. But there are actually two types of cyber liability insurance—first-party and third-party.
Here’s a look at what each of these policies covers.
First-party cyber liability insurance
First-party cyber liability insurance will cover your business’s immediate expenses after suffering a data breach. You can use your insurance coverage to pay for things like:
- Notifying customers of the breach.
- Credit monitoring services for affected customers.
- Fixing the vulnerability that caused the attack.
- Hiring a PR team for damage control and reputation management.
- Business interruption costs for the time that your systems were offline.
- Extortion money in the event of a ransomware attack.
Here’s an example of when first-party cyber liability insurance would come in handy. Let’s say you own an online clothing boutique, and a hacker gets access to your customers’ stored credit card information. In this case, your first-party cyber liability insurance would pay for you to notify the customers of the breach, offer free credit monitoring, and hire an IT professional to patch the system.
Third-party cyber liability insurance
Third-party cyber liability insurance specifically covers your business’s legal fees and court costs if a client or customer sues your company over a data breach that causes them financial loss. Here are some expenses that it will cover:
- Your lawyer fees.
- Court settlements with the third party.
- Judgments if you are found responsible.
- Government penalties and fines if your business gets investigated or audited.
I’ll build on the example from above to illustrate how third-party liability insurance works. So, your customers’ credit card information was leaked, and let’s say that the hacker used one of those credit cards to buy a Ferrari. Naturally, the customer finds out, gets angry, and sues your business. In this case, third-party cyber liability insurance would cover all of your legal fees, as well as a settlement with the customer if you are found to be at fault.
What cyber liability insurance does not cover
Cyber liability insurance is pretty comprehensive, but it doesn’t cover any expenses that are not directly related to a data breach or cyber attack. Every policy will include different covered losses, but here are some of the things that are generally never included in a cyber liability insurance policy:
- Third-party bodily injury liability claims.
- Third-party property damage liability claims.
- Employee fraud and theft.
- Criminal activity.
This might go without saying, but cyber liability insurance only covers your business. It doesn’t provide any protection for yourself as an individual. So, for example, if your personal data was exposed in the infamous Equifax cyber attack in 2017, you wouldn’t have any protection under your business’s cyber liability insurance policy. In this case, Equifax would use its data breach insurance to cover its losses and make things right with its affected customers.
There’s one very important point I want to make here. When you purchase cyber liability insurance, you’ll have to agree to put certain security measures in place to prevent a data breach from occurring in the first place. If your business is hacked, and your insurance company later finds that the breach occurred due to inadequate network security, it’s possible that your claim could get denied.
How data breach insurance works
Data breach insurance works like any other type of business insurance. Your policy has a premium, a deductible, and a coverage limit.
The premium is the amount of money you pay each month (or year) to keep your policy in force. The deductible is the amount of money you have to pay out-of-pocket towards a claim before the insurance company will reimburse you. Lastly, the coverage limit is the maximum amount of money that your insurance provider will give you after a covered loss.
If your business is targeted by a data breach or cyber attack, you’ll contact your insurance company and notify them of the incident. They’ll probably send you a bunch of claim paperwork to fill out and return with evidence of the breach, like a ransomware email, intrusion notifications, or abnormal network activity.
Your insurance company will investigate the claim, and if it’s approved, you’ll receive a check to cover the necessary expenses, minus your deductible. Just keep in mind that once you file a cyber liability insurance claim, it’s likely that your premium will go up.
Who needs cyber liability insurance?
If your business handles sensitive data, like customer names, dates of birth, email addresses, Social Security numbers, credit card numbers, or bank account information, you need cyber liability insurance. It’s that simple.
While it’s true that some professional liability insurance policies include data breach coverage, it’s usually not enough in the event of a major attack. That’s why I recommend that all businesses invest in standalone cyber liability insurance.
Now, I know what you’re probably thinking. Maybe something along the lines of, “my company’s online systems are 100% secure—we would never get breached.” Or, you might be thinking something like, “only big businesses get hacked. Why would any hacker want the information my business stores?”
Here’s the honest truth. Businesses of all sizes, and in every industry, can and do get targeted by hackers. It’s true that large businesses suffer attacks more often, but a report from Hiscox found that 47% of businesses with fewer than 50 employees reported at least one data breach incident in 2019. That figure is up from 37% the year prior.
If you’re still contemplating cyber liability insurance, it’s a good idea to ask yourself what you would do if your business were attacked right now. Do you have an IT security team on speed dial? Do you have the funds to cover a six-figure lawsuit? Would the lost income have any effect on your business’s operations or your ability to pay employees?
Even if you never suffer a breach (and hopefully you don’t), at least you have peace of mind knowing that you’re covered if the unthinkable happens.
How much is data breach insurance?
If you’re like me, one of the biggest deterrents to purchasing any type of insurance is the cost. I know how valuable insurance can be, especially for a business, but paying for something you might not ever use can feel unnecessary. But trust me when I say the cost of cyber liability insurance is worth it.
Like all types of insurance, the cost of cyber liability insurance is different for every business. Your premium is based on factors such as:
- The number of employees you have.
- The industry your business operates in.
- The number of insurance claims your business has filed in the past.
- The amount and types of data that your business stores.
- The security measures you have in place to prevent a breach.
- The insurance company that underwrites your policy.
The only way to know for sure how much you’ll pay for cyber liability insurance is to apply for coverage and get a personalized quote. However, I will say that data breach insurance tends to be more expensive than other types of business insurance because the claim payouts are usually pretty pricey.
Fortunately, there are a few things you can do to keep your cyber liability insurance cost low. One of the best things you can do is invest in robust security software and equipment that mitigate risk and safeguard sensitive information.
Also, make sure that your employees have cybersecurity training. They should know how to spot a phishing email, how to detect system vulnerabilities, and how to stay safe on the internet. Insurance companies want to see that your business is aware of these risks and can spot them quickly.
The last suggestion I have for saving money on cyber liability insurance is to bundle your business insurance policies. Many insurance companies will reward you with a lower premium if you purchase multiple insurance policies, like business liability insurance and data breach insurance.
Where to get cyber liability insurance
Cyber liability insurance may not be as common as professional liability insurance or commercial property insurance, but it’s available from most insurance providers that sell business policies.
Most insurance companies offer coverage anywhere from $100,000 to $5 million and above. The amount of coverage you need is going to be different for every business, and you can ask yourself some basic questions to get started:
- How secure is your system?
- How many customers would you have to notify if their information got stolen?
- Could you afford to pay for an IT team to patch the system flaw?
- What’s the chance that a potential breach would put your company in the local news?
- Could a breach take your company offline for multiple days or longer?
The higher your coverage limit is, the higher your premium will be. But don’t skimp on coverage just because you want to avoid paying an expensive rate. If your data breach insurance policy doesn’t cover the full cost of a claim, you’ll have to pay the rest out-of-pocket. And remember—the average cost of a cyber attack on a small business is more than $2.5 million.
Cyber liability insurance isn’t legally required, and unlike general liability and professional liability insurance, you won’t need it to get an office lease or sign a contract with a client. However, I still highly recommend this type of insurance for every business owner who’s handling sensitive information.
Cyber attacks are no joke, and they can happen to any business at any time. Trust me when I say that even the most secure businesses are susceptible to motivated hackers. Fortunately, a cyber liability insurance policy can protect your business legally and financially in the event of a breach.
So, if I’ve convinced you to invest in a cyber liability insurance policy, start looking at providers and chat with an agent to figure out how much coverage you might need. Use my suggestions to keep your premium low, and review your coverage every year to make sure it’s adequate.
Most importantly, though, I urge you to take a look at your security systems and put measures in place to mitigate risk. There is a lot of affordable security software on the market that can strengthen your network. As you scale, you might even think about hiring an IT-focused employee who can have eyes on your network at all times.