cyber liability insurance concept

cyber liability insurance concept

In a business world taking advantage of all that new and advanced technology has to offer, it might be easy to forget the vulnerability associated with displaying so much private and valuable information on accessible sites. As with all types of risk, data information leakage will drive up your company’s costs due to the actual loss in value of leaked information or a failure to meet data protection requirements mandated by the state. Companies that use online resources can reduce this inevitable increase in their unfunded exposure by utilizing cyber liability insurance.

One of the primary costs concerning data breaches is notifying affected users of a hacked online resource. The cost of maintaining a data breach notification system can be very high and has only increased since the escalation of hacking in recent years. Without cyber liability insurance, a company is liable for all of the costs associated with creating and maintaining a breach alert system.

One might ask why this system is necessary? 46 out of 50 states have mandatory requirements for data breach notification (Contact a Risk Advisor for information into your state’s particular mandates). Furthermore, a notification system markets your company as reliable, so that your customers and everyone whom you work with can trust the online resources that you provide. Cyber liability insurance can cover a significant amount of the expenses associated with maintaining an alert system and can help your company reinvest those saved dollars into other business operations.

The rise in data breach occurrences, highlighted by 2012’s “Summer of Hackers”, has increased legislation and will continue to do so in N.Y.. For example, with the passage of the 2013-2014 NYS Executive Budget, businesses in New York “that experience breaches of computerized data which includes private information must file notices with the New York Attorney General; Department of State’s Division of Consumer Protection; and the Office of Information Technology Services’ Enterprise Information Security Office.” So not only must your company notify all affected users, but it must also ensure that all of the proper paperwork is filed with these three New York State Government entities. Failure to comply with notification requirements will result in “disciplinary or other appropriate action in accordance with law, rule, regulation, policy or negotiated agreement.”

New law implemented by the government in response to the increase in data breaches will result in a higher cost of dealing with data breaches, and consequently a higher cost for businesses who use online resources and remain uninsured. New York businesses are responsible for taking care of all of the costs associated with upholding a proper notification system for cyber attacks. However, if a data breach were to take place, cyber liability insurance would provide the monetary support necessary to take care of this notification issue, allowing your business to remain financially comfortable.

How to Buy Cyber Liability Insurance

Cyber liability insurance covers many different issues related to managing and resolving cyber attacks:

    • management, investigation and remediation of an incident
    • ensuring that related users and government officers are notified
    • ensuring that affected users’ credit remains protected after an attack
    • any legal costs, including intellectual property rights infringement
    • funds necessary to repair a damaged website
    • costs related to data on third-party suppliers
    • recompense for denial of access to an online resource

 

Every company must buy coverage for their own particular cyber needs. Two companies will almost never experience the same cyber risks. In order to buy an appropriate policy, you must first identify your company’s specific cyber risks. For example, your company might need to cover defacement of a website that is essential to its operations. However, you might not need to cover costs related to data on third-party suppliers because your company does not deal with data that puts third-party suppliers at risk.

In order to identify the cyber liability insurance policy that corresponds with your individual data risks, you may want to consider some cyber related questions about your company, such as the following:

    • What information currently stored on an online resource is essential to safeguarding your business operations?
    • Who has access to this data? / How is this information stored? / How is this data currently protected?
    • What are your state’s particular mandates on notifying users as well as the government of data breaches that have taken place? / What penalties/fines might be assessed if you do not meet these requirements?
    • Does your company have any credit checking system?
    • Does your company have a website that brings in a lot of business? / If this website were to be tampered with, would it have a significant impact on business operations?
    • If a hacker were to gain full access to your private information, would other companies that work with you be put at risk? / Would this lead to a potential lawsuit?

Because cyber liability insurance is an up and coming industry, its technicalities are not entirely clear to all insurance brokers. Often, brokers have difficulty quantifying the losses for different types of data breaches. It is essential that when dealing with cyber liability insurance, you find a broker that is a specialist in the field and that treats your individual problems. Choosing the right insurer can be the difference between overpaying for coverage that you will never use or having cost-effective coverage where the insurer understands the consequences of a breach and the costs that come with it. Finding a specialized broker will not only save money, but will also save you tremendous amounts of time. They will be more prepared to answer cyber liability insurance questions that you will eventually have to deal with when deciding on a policy, such as the following:

    • What security rules can you implement that will reduce the premium?
    • What effect will a claim have on your future premiums?
    • The cyber security industry is changing at an exponential pace. How will you keep your policy current?
    • Would you be able to make a claim if you were unable to identify a breach until several months or years after it had taken place, possibly outside the period of cover?
    • Will you be required to take a security risk review?
    • Are any business operational actions required of you to control risks?
    • Will you receive any third-party risk advisory in regards to making the right security decisions for the particular industry you are in?

 

If you have any questions or want more information on managing cyber risks with cyber liability insurance, click here or feel free to call a Risk Advisor @ 914-357-8444