Reading time: 3 minutes
Most businesses understand the risk posed by the growing number of cyberattacks each year. The sharp increase in incidences has prompted many to review and enhance their policies, procedures, guidelines, and processes. While necessary components, many often miss the additional protections cyber insurance offers. This type of insurance protects against first-party issues, such as business interruption and data loss, and third-party issues, such as privacy and network security liability. According to a recent Fortune magazine article, an increase in state-sponsored cyberattacks can result in an increased difficulty in obtaining coverage, in which case a creative combination of cyber insurance and good cyber hygiene can help an organization mitigate risk.
Unfortunately, cyber insurance can be confusing because of the large number of coverage options available. To help our clients and prospects navigate this changing landscape, JLK Rosenberger has summarized the key details below.
What is Cyber Insurance?
It is a specialized type of insurance covering losses or damage resulting from a cyber-attack. The insurance also helps cover expenses related to breach investigation, recovering data, notifying customers, repairing damaged systems, and, most importantly, defending against legal actions. The scope of coverage and cost of policies vary depending on the level of risk and specific needs of an organization.
Like most insurance products, several types of policies have various coverage options. However, two broad types of coverage options are available, including first- and third-party cyber insurance.
First-Party Cyber Insurance
This policy covers an organization for losses that directly arise from the incident. Coverage is extended only to the policyholder’s losses and typically covers:
- Incident Response – Most policies will cover eligible expenses related to the investigation and response to an attack, including IT forensics, legal consultation, and public relations.
- Business Interruption – The reality is that the disruption to the business to deal with the cyberattack often means loss of revenue and, worse yet, customers. This coverage provides protection against the losses incurred from business interruptions.
- Data Loss & Restoration – Restoring lost data can be one of the most time-consuming tasks associated with incident recovery. The most notable example is the proliferation of ransomware attacks. This coverage protects against the cost of restoring lost or damaged data.
- Extortion – When data is stolen, it is common for cybercriminals to attempt to extort a business in exchange for the return of data. This insurance covers the cost of responding to ransomware or other types of cyber extortion.
- Notification & Credit Monitoring – Covers the cost of notifying impacted parties and providing ongoing credit monitoring.
Third-Party Cyber Insurance
This type of policy provides coverage to an organization against losses from an incident that impacts third parties such as customers, partners, or vendors and typically covers:
- Privacy Liability – The costs associated with defending against claims resulting from the breach of personally identifiable information (PII) such as Social Security, credit card, driver’s license, and policy numbers.
- Network Security Liability – Protection against costs associated with defending against claims related to network security failures, such as denial of service attacks or virus transmission.
- Errors & Omissions Liability – This provides protection against the costs incurred defending against claims related to errors or omissions in the provision of technology products and services, such as software or consulting. Since a cyber event can prevent a business from fulfilling contractual obligations such as providing agreed-upon services, it is important coverage to consider.
We’re Here to Help
Cyber insurance is an essential component of a comprehensive cybersecurity plan. Given the number of insurance products available, it is vital to consult a qualified advisor to assess the situation and determine the best coverage options. Even if your organization already has cyber insurance coverage, consider a review of the policy and an update to your cybersecurity program. In some cases, you can even save on the premium and if nothing else, strengthen your organization’s cybersecurity posture.
If you have questions about the information outlined above or need assistance with a cybersecurity need, JLK Rosenberger can help. For additional information, call 818-334-8626 or click here to contact us. We look forward to speaking with you soon.