Privacy Liability/Network Security (i.e. Cyber Insurance) policies cover your organization for losses related to data breaches and privacy or security failures.
Below is an outline of the most important exposures to insure in a Cyber policy. Policies are broken down into First Party (losses only affecting you, the insured) and Third Party (losses affecting others and holding you liable).
Privacy breach liability
Amounts you owe to third parties, or employees, for damages caused by their private information getting into the wrong hands.
Costs of notification
Nearly all states mandate notification of individuals whose data has been breached. For those few states which do not require it, there may be federal laws requiring it if you are in certain industries.
Furthermore, depending on your industry and situation, you may need to engage in voluntary notification. The average cost of notification is $25-35 per person, which should give you an idea of the coverage limit you may need.
Regulators at state and federal levels investigate breaches and bring enforcement actions against the business that allowed data to be breached.
In a report by the Insurance Information Institute, it was shown that 700-1200 data breaches occur each year, costing each company $1.9M to a whopping $65M to recover. Additional resources have revealed that as many as 65% of small businesses NEVER recover from a major data breach.
If you or your business maintain electronic records or any form of electronic communication or accept electronic payments, then you have an exposure. It may surprise you how affordable cyber insurance is for your company. Increased competition by major insurers has made coverage widely available. Each policy may contain important coverage considerations, so it’s important to carefully review each policy detail and be sure it matches your needs.
When switching from one carrier to another, be sure the Retro date is matched by the new carrier. Also, when initiating coverage, always try to obtain “full prior acts” coverage – this will ensure that any past activities are covered if they generate a claim later.
Failure to Adhere to Security Practices
Most cyber insurance policies provide exclusions for your failure to adhere to security practices disclosed in the insurance application. Be sure you comply with the best possible cyber security practices, but especially those which you disclosed in the application process.
Definition of Personally Identifiable Information (PII)
This is an extremely important definition, so you want it as broad as possible. At minimum, it should include: social security numbers, driver license numbers, medical or health records, account numbers, financial records, credit card numbers and bank account numbers.
Cyber Insurance, clearly, won’t protect you from every type of exposure your business may face. As a result, there are other types of insurance designed to cover your remaining needs.
Here are a few:
- Commercial General Liability
- Commercial Property
- Business Owners Policy
- Professional Liability
- Directors & Officers Liability
- Employment Practices Liability
- Fiduciary Liability
- Business Auto Liability
- Workers Compensation
- Flood Insurance
- Commercial Umbrella
- Surety Bonds