What's Covered By A Cyber Liability Policy?

A close-up on an abstract design of a display, which is warning about a cyber attack.
••• Image courtesy of [matejmo] / Getty Images.

Like many businesses, your firm may use, store, send, or receive electronic data. This data may include information that belongs to your business, like sales projections and tax records. It may also include data that belongs to other people, such as customers, employees, and vendors. Examples of other people's data are customer payment records and employees' social security numbers.

If electronic data stored on your firm's computer system is lost, stolen, or compromised, the cost of restoring it can be significant.

Moreover, your company may be liable for damages to third parties whose data has been stolen. Your firm may also incur notification expenses if your state requires you to inform those affected by a data breach. You can protect your business against the costs associated with data breaches by purchasing a cyber liability policy.

What Is Cyber Liability Coverage?

Cyber liability insurance covers financial losses that result from data breaches and other cyber events. Many policies include both first-party and third-party coverages. First-party coverages apply to losses sustained by your company directly. An example is damage to your company's electronic data files caused by a hacker. Third-party coverages apply to claims against your firm by people who have been injured as a result of your actions or failure to act. For instance, a client sues you for negligence after his personal data is stolen from your computer system and released online.

While cyber liability policies vary from one the next, many provide similar types of coverages. The most common coverages are outlined below.

First Party Coverages

Cyber liability policies typically include various property and crime coverages. They also cover certain costs, such as notification expenses.

First-party coverages are often subject to a deductible.

Loss or Damage to Electronic Data

Many policies cover losses caused by damage, theft, disruption or corruption of your electronic data. They also cover damage or theft of data stored on your computer system that belongs to someone else. For a loss to be covered, it must result from a covered peril such as a hacker attack, a virus, or a denial of service attack. The policy generally covers the costs to restore or recover lost data. It may also cover the cost of outside experts or consultants you hire to preserve or reconstruct your data.

Loss of Income and/or Extra Expenses

Many policies cover income you lose and extra expenses you incur to avoid or minimize a shutdown of your business after your computer system fails due a covered peril. The perils covered may be the same as those covered under Damage to Electronic Data.

The loss of income and extra expense coverages afforded under a cyber liability policy differ from those provided under your commercial property policy. Cyber policies cover income losses and extra expenses that result from an interruption of your computer system by a covered peril. Property policies cover income losses and extra expenses that result from an interruption in your business operations caused by physical damage to covered property, which does not include electronic data.

Cyber Extortion Losses

Cyber extortion coverage applies when a hacker or cyber thief breaks into your computer system and threatens to commit a nefarious act. For instance, a hacker may threaten to damage your data, introduce a virus, or shut down your computer system unless you pay him or her a sum of money. The perpetrator may also subject your computer system to a denial of service attack or threaten to release confidential data unless you pay the sum demanded. Extortion coverage typically applies to expenses you incur (with the insurer's consent) to respond to an extortion demand, as well as the money you pay the extortionist.

Notification Costs

Policies may cover the cost of notifying parties affected by the data breach in accordance with government statutes or regulations. They may also include the cost of hiring an attorney to assess your firm's obligations under applicable laws and regulations.

Some policies cover the cost of providing credit monitoring services for those affected by the breach. Some also cover the cost of setting up and operating a call center.

Damage to Your Reputation

A data breach can severely damage your firm's reputation. Thus, some policies cover the costs you incur for marketing and public relations to protect your company’s reputation following a data breach. This coverage may be referred to as Crisis Management.

Third-party Liability Coverages

Most cyber policies include more than one type of liability coverage. These coverages apply to damages or settlements that result from covered claims. They also cover the cost of defending you against such claims. Note that defense costs may reduce the limit of insurance. Virtually all cyber liability policies are claims-made. Some third-party coverages may be subject to a retention.

Network Security Liability

Network security liability insurance covers lawsuits against you due to a data breach or to the inability of others to access data on your computer system. Coverage may apply if the data breach or inability to access your system is due to a denial of service attack, a virus, malware or unauthorized access and/or use of your system by a hacker or rogue employee. Policies may cover lawsuits alleging that you failed to adequately protect data belonging to customers, clients, employees or other parties.

Network Privacy Liability

Network privacy liability insurance covers lawsuits based on allegations that you failed to properly protect sensitive data stored on your computer system. The data may belong to customers, clients and other parties. Some policies cover liability arising from the release of private data (such as social security numbers) belonging to your employees.

Electronic Media Liability

Electronic media liability insurance covers lawsuits against you for acts like libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement. Generally, these acts are covered only if they result from your publication of electronic data on the Internet.

Errors and Omissions Liability

Some cyber liability policies include coverage for errors or omissions that arise out of professional services the insured provides. For example, a policy purchased by a software developer covers claims arising out of coding mistakes and other errors or omissions that arise out of the company's software services. Likewise, a policy purchased by an architect covers claims alleging design flaws, faulty drawings, and other errors.

Other Coverages

Other coverages that may be available under a cyber liability policy include various crime coverages such as computer fraud, funds transfer fraud, and cyber terrorism (acts of violence committed for political purposes). Some insurers have developed cyber liability policies tailored to specific industries. For example, one policy may be designed for businesses in the healthcare industry while another policy is intended for financial institutions.