With 2020 in the rearview mirror, many of us are distrusting about all things cyber. However, from ransomware attacks to headlining security breaches, cybersecurity is undeniably front and center. We can’t get away from it — and we shouldn’t. Although cyber liability insurance is meant to protect companies against such vicious losses, this coverage is often as clear as mud. So, let’s talk about the importance of cyber liability insurance and uncloud some common cyber terminology.
Why Cyber Liability Insurance Is Vital
When employers sent their teams home to work remotely, cybercriminals saw an opportunity to pounce. Unfortunately, it took an average of 207 days to identify a breach in 2020, and the average cost of a data breach neared $4 million. So, it’s no surprise that 68% of company leaders think cybersecurity risks are increasing.
Not even major corporations — Estee Lauder, Facebook, MGM Resorts, and Whisper — could sidestep malicious attacks this past year. Aside from those situations, here are a handful of the most costly data breaches of 2020 that display how vital cyber coverage is:
- Nintendo discovered a data breach when the hackers used stolen accounts to buy digital items. The criminals compromised 160,000 accounts.
- Over 5.2 million Marriott hotel guests experienced a breach against their sensitive data, including contact numbers, birthdays, and other linked accounts. The hackers stole two Marriott employee’s login credentials to gain access.
- Hackers stole more than 500,000 passwords from Zoom and put them up for sale in the dark web crime markets. Zoom participants also lost email addresses and other personal information to these cybercriminals.
- Twitter’s phishing attack impacted over 350 million people by influencing high-profile pages, including Joe Biden, Barack Obama, Bill Gates, and Elon Musk. The attackers targeted 130,000 profiles and made $121,000 bitcoin donations due to the attack.
- Microsoft experienced a breach impacting over 250 million customer records — some spanning 14 years — but didn’t report it until 2020.
Cyber Liability Insurance: Third-Party Cyber Coverages
To provide a brief explanation, cyber liability insurance protects companies from third-party lawsuits relating to electronic activities, such as phishing scams, ransomware attacks, etc. Additionally, this coverage provides many recovery benefits, supporting data restoration and reimbursement for income lost and payroll spent. However, there are a few separate pieces to what makes a well-rounded cyber policy.
First let’s consider third-party cyber coverage, designed for entities accountable for the systems or networks that hackers attacked. Usually, tech-focused companies, such as tech startups or software companies, fall into this category. Let’s first review the most common third-party cyber coverages:
- Media Liability: This part is coverage against allegations or errors and omissions in the course of your company’s communication of Media Content in electronic (website, social media, etc.) or non-electronic forms (i.e., defamation, libel, slander, emotional distress, invasion of the right to privacy, and copyright infringement). It usually doesn’t cover your actual product or technology. We do recommend intellectual property (IP) insurance for true IP infringement liability protection.
- Network Security and Privacy Liability: It covers against liability claims for actual or alleged failure to prevent unauthorized access to or use of a computer system. This portion also protects against the failure to prevent false communications, such as phishing, that corrupts, deletes, or damages electronic data, as well as theft of data and denial of service attacks against websites or computer systems of a third party.
- Payment Card Loss: This portion covers fees and assessments that your company becomes legally obligated to pay due to claims involving your company’s non-compliance with PCI Data Security Standards.
- Regulatory Proceedings: It provides coverage for insurable fines, penalties, and legal defense your company is obligated to pay due as a result of a claim made against your company by a government regulatory body because of a violation of Federal, State, local, or foreign privacy regulations.
- Technology Errors and Omissions: This part covers expenses and damages your company must pay due to a claim alleging a negligent act, error, omissions, or misrepresentation in your company’s rendering or failure to render technology services for others for a fee, usually through your platform or software.
- TCPA Defense Cost Coverage: It covers defense costs incurred by your company to defend against a claim for an actual or alleged violation of the Telephone Consumer Protection Act.
Cyber Liability Insurance: First-Party Cyber Coverages Cyber
In addition to third-party coverage, cyber liability provides first-party coverage. Typically, non-tech companies opt for this coverage to protect against conventional risks, such as data breaches.
For example, if a business experiences a breach, they will file a claim with their cyber liability insurer providing first-party cyber coverage. That said, here are a few coverages to know:
- Cyber incident Response: This part covers fees and costs incurred by your company and charged by a response provider to investigate an actual or suspected privacy event or system breach and to respond and notify individuals in line with local regulation.
- Business Interruption Loss: It covers expenses and revenue impact incurred by your company if you can’t access your systems due to a system breach or denial of service attack that interrupts your company’s computer system for an extended period.
- Contingent Business Interruption Loss: This portion covers expenses and revenue impact incurred by your company if you are unable to access to your systems due to a system breach or denial of service attack that interrupts a computer system (other than your company’s) operated for your company’s benefit by a third party for an extended period.
- Business Interruption – System Failure: It covers expenses and revenue impact incurred by your company due to a non-malicious computer-related act that interrupts your company’s computer system for an extended period.
- Contingent Business Interruption Loss – System Failure: It covers expenses and revenue impact incurred by your company due to a non-malicious computer-related act that interrupts a computer system (other than your company’s) operated for your company’s benefit by a third party for an extended period.
- Reputational Harm: This part covers expenses related to a PR firm to manage adverse media publication responses to a suspected or actual hack.
- Digital Data Recovery: It covers the fees and costs incurred by your company to regain access to or restore/recreate any electronic data on your company’s computer system, usually requiring a backup to exist.
- Network Extortion: This part covers expenses and payments (including ransom payments) to a third party to avert potential damage threatened against your company, such as the introduction of malicious code, system interruption, data corruption, or destruction or dissemination of personal or confidential corporate information.
It’s not surprising that cybercrime runs rampant in the US — and worldwide. Given its prevalence and how cybercriminals are able to adapt nearly as swiftly as the technology designed to stop them, having a reasonable response plan and safety net are paramount. Consider fraud, identity theft, or privacy violation and how these wrongdoings unfold, typically in ways designed to dupe you and delay the realization that you’re under attack.
Cyber liability insurance works to protect against such offenses. The following are some critical cybercrime coverages to keep in mind:
- Computer Fraud: This portion covers loss of money, securities, or property sustained by your company resulting from the unauthorized entry into or transmission of corrupting or harmful software code into your company’s Computer System.
- Funds Transfer Fraud: It covers loss of money, securities, or property sustained by your company resulting directly from fraudulent instructions (other than forgery), purportedly issued by your company and issued to a financial institution directing such institution to transfer, pay, or deliver money or securities from an account maintained by your company without your knowledge or consent.
- Vendor or Client Payment Fraud: This part covers money owed to your company but not collected for services rendered or goods delivered to a Client, or the amount your company paid a Vendor for goods or services you did not receive; directly caused by an instruction that intentionally misleads a Vendor or Client.
- Telecommunications Theft: It covers toll and line charges that your company incurs solely due to the fraudulent infiltration and manipulation of your company’s Telephone System from a remote location to gain access to outbound long-distance telephone service.
- Social Engineering Fraud: This part covers loss of money, securities, or property sustained by your company resulting directly from the fraudulent inducement of an employee to provide information or release funds to a bad actor, usually pretending to have proper authorization.
Cyber Insurance Enhancements
Many insurers offer commercial insurance enhancements or endorsements to customize coverage better. Enhancements can benefit companies by adding, removing, or changing coverage slightly. Concerning cyber liability coverage, here are a few terms to know:
- Preventative Shutdown Endorsement: This portion extends the Business Interruption insuring agreement to include interruptions caused by intentional shutdowns of your company’s Computer System to prevent or reduce the spread of malicious code.
- Hardware or Equipment Betterment: It provides coverage for a reasonable upgrade of your company’s computer system as recommended by a qualified provider.
- Bricking Coverage: This part covers the reasonable and necessary external fees and costs to replace any component of your company’s computer system that is no longer functional due to a bricking attack.
- Contingent Bodily Injury: It’s coverage for damages and fees resulting from contingent Claims made against your company alleging bodily injury to a third party resulting from a security failure or breach.
Cybercriminals are becoming more sophisticated, targeting all-size businesses with multi-tiered attacks. Nowadays, it’s not if these hackers will come after your company; it’s when.
Protecting your company is a must — but understanding the details of what coverage your company needs can be a confusing process. Finding the right policy to balance protection and individual needs is the first step.