A company’s networks carry a unique loss potential. The potential exists for hackers/crackers, viruses and malicious code to cause damage throughout the entire virtual enterprise. The damage to your own computer system can also have a dramatic impact on your corporate stakeholders. Protect your business with a Cyber Liability Insurance policy.
Data drives the organizations of today’s world. Business of all sizes have had a cyber attack or data breach, with the average cost to rectify rising to $6.5 million per occurrence. One stolen laptop, one careless employee, a virus, or even paper records that fall into the wrong hands can create a financial and reputational consequence affecting your business for years to come. Cyber Liability can be defined as a risk posed by doing business over the internet, networks and electronic storage technology. The purchase of cyber liability insurance can mitigate both the first and third party risks caused by cyber liability. First-party is coverage purchased by non-IT firms for breaches to their systems. Third-party is coverage purchased by businesses responsible for the systems that allowed a data breach to occur.
In an effort to simplify what is new in the cyber world, the below are some descriptions of coverages that are relatively recent additions to cyber forms along with the limit ranges that are traditionally available in the marketplace. Of course, these are simply meant to be descriptions, not grants of coverage and one needs to read the policy for official terms and conditions.
This coverage is intended to replace hardware that is damaged or otherwise rendered useless as the result of a cyber attack. Generally, for coverage to apply, the attack will have to cause actual damage to the hardware, not just encrypted files or an operating system. Some carriers will also provide coverage under the “hardware replacement” wording to replace older hardware if it is a more cost effective and expedient manner to return the insured to their operations. Coverage is available anywhere from a $100k sublimit to full policy limits.
This coverage is intended to provide lost net income (not revenues) that would have been earned if not for damage to an insured’s reputation arising out of a publicly disclosed cyber attack. The indemnity period is very important for the class of business. For instance a 30 day period would work for a retailer as consumer purchasing can return in short order, but a law firm may lose clients for months and would need a longer period (up to 12 months is available in the marketplace). Limits are generally available from $1M up to full policy limits.
This coverage is intended to provide the insured the costs to hire an outside professional (usually a forensic accountant) to help compile a proof of loss to submit to the insurance company. A proof of loss is generally focuses on the business interruption and extra expense component of the loss, which is often the most difficult to prove. Limits are generally from a $25k to a $100k sublimit, although some will offer full limits. Most proof of loss are able to be completed in the $25k to $50k range.
This coverage is most commonly thought of as reverse social engineering coverage. It is triggered when an insured suffers a breach of their network, and the fraudsters send an email out from inside the insured’s network with amended payment instructions to a client or vendors. Then, payment is made to the fraudsters at the new bank, resulting in an uncollectible receivable for the insured. While the insured’s client or vendor may be partially be at fault of their not authenticating the change in payment instructions with the insured, these claims often involve business relationships, and the insured will utilize this coverage rather than asking their client or vendor for payment a second time. Limits range from $50k to $250k.
This coverage is intended to provide the insured reimbursement for an elevated utility bill when a compromise of their system leads to increased use of their computer systems resulting in a higher usage of power. Most commonly, cryptojacking is the coverage provided where the hackers take control of the insured’s computers and use them to solve complex mathematical equations in exchange for cryptocurrency (aka cryptomining). Some carriers will expand this to cover all utilities (not just power), which can include Amazon Wed Services Bills for instance. Limits range from $100k to $250k.
**Not all policies come with all of these coverages and please check quotes for actual terms and conditions.