Cyber liability insurance
Cyber liability insurance
Cyber liability insurance pays for legal expenses, credit monitoring services, and other recovery costs if a data breach or cyberattack affects your company or your clients.
Why do you need cyber liability insurance?
Data breaches and other cyber incidents are becoming increasingly common and affect businesses of all sizes. While cyberattacks on large companies get the most press, small and mid-size businesses are the biggest targets as they have fewer resources to protect themselves.
A cyberattack could financially devastate your small business. In fact, 60% of small businesses go under within six months of a cyberattack.
Cyber liability insurance protects your small business from financial losses caused by detrimental cyber risks, such as:
- Data breaches
- Cyberextortion
- Viruses
- Phishing attempts
- Distributed denial-of-service (DDoS) attacks
- Stolen laptops or other equipment
Expenses like ransom payments, regulatory fines, and legal action add up quickly. To protect your business’s reputation and bottom line, you should consider getting cyber liability coverage. It's especially recommended for any business that stores customer data or other personally identifiable information (PII).
Small businesses that buy cyber liability insurance often handle:
- Credit card numbers or bank account information
- Medical information
- Social Security numbers or driver's license numbers
- Customer names, email addresses, phone numbers, and addresses
- Cybersecurity for other businesses
What does cyber liability insurance cover?
Cyber liability insurance coverage typically pays for:
- Security breach investigations
- Data breach response and notification costs
- Fines from state regulatory agencies
- Ransomware demands
- Legal services to assist with compliance
- Legal defense costs for cyber liability lawsuits
Cyber liability insurance comes in two forms, each protecting a crucial area of cybersecurity:
- First-party coverage pays for expenses when data stored by your business is exposed, or your computer systems are hacked.
- Third-party cyber coverage pays for your legal costs if a client sues you for failing to prevent a data breach or cyberattack at their business.
What does first-party cyber liability insurance cover?
First-party coverage, also called data breach insurance, is recommended for most small businesses. It helps your business recover from a data breach or cyberattack, and can often be added to your general liability insurance policy.
A first-party cyber insurance policy typically covers:
Data breach responses
State laws typically mandate a response when a data breach exposes customer information. A cyber liability insurance policy helps cover costs associated with hiring a digital forensic expert to investigate the breach, customer notifications, credit monitoring services, as well as Payment Card Industry (PCI) compliance fines.
Cyberextortion payments
If a hacker breaks into your system and holds private data hostage or blocks crucial services, cyber liability insurance will help cover cyberextortion demands so you can get the data or services restored.
Business interruptions
When a cyber incident disrupts your normal business operations, cyber liability insurance can help pay for business interruption expenses, such as the cost of hiring additional staff or rental equipment. This also includes purchasing third-party services, such as a public relations expert or a crisis management team.
What does third-party cyber liability insurance cover?
Third-party cyber liability coverage is designed for tech professionals who handle cybersecurity or recommend software to clients. It offers protection if a client sues you over a data breach or cyberattack at their business.
This coverage is often bundled with errors and omissions insurance (E&O) in a package called technology errors and omissions insurance (tech E&O), which includes coverage for lawsuits over professional mistakes or oversights. Learn more about the differences between tech E&O and cyber insurance.
Third-party insurance typically covers the cost of:
Legal fees
If your small business is sued by a client for failing to prevent a data breach at their company, cyber liability coverage would help pay for attorney's fees and other legal costs for your defense in court.
Settlements
If your business faces a lawsuit from a client who experienced a data breach, you and the client could avoid court by deciding on a settlement that would compensate for the damages the client experienced.
Court-ordered damages
If a client accuses you of being responsible for a data breach at their company and sues your small business, you may be legally required to pay for damages from any judgments in the lawsuit.
How much does cyber liability insurance cost?
Cyber liability policyholders pay on average $145 per month, or $1,740 a year, for coverage. Your exact cost may be more or less depending on your risks.
The cost of cyber liability insurance is based on several factors, including:
- Number of employees
- Volume and type of data handled
- Type of cyber coverage you need
- Your claims history
- Your deductible
- Policy coverage limits
Who needs cyber liability insurance?
If your small business handles any type of sensitive information, you should get cyber liability coverage.
By working with such data, you're at high risk for a variety of cyber threats, such as malware or phishing. And if you experience a data breach, the aftermath could get expensive, especially if many customers were affected.
The risks become even greater when you're responsible for another company's security, which is when you need to add third-party coverage. That's why cyber liability is especially key for technology and software businesses, including:
IT consultants
IT consultants can offer a variety of services, from streamlining operations to installing security systems. These diverse services leave them at risk for cyber threats that could potentially lead to a client lawsuit.
For example, an IT consultant recommends a web service to a client that later turns out to be insecure. A data breach exposes the client's data, and the client sues the IT consultant for recommending the service. Third-party cyber coverage would pay for the consultant's legal defense in addition to a settlement or judgment.
Cybersecurity companies
Cybersecurity professionals create and implement cybersecurity programs firsthand. If a client claims your cybersecurity program is faulty and sues you after a cyberattack, third-party cyber coverage would protect your small business.
For instance, suppose a cybersecurity consultant installs a security program for a healthcare organization. Shortly afterward, the client experiences a data breach that exposes patient information and decides to file a lawsuit. The consultant's cyber insurance would pay for legal defense costs and related expenses, such as regulatory fines.
Software developers
Cyber liability coverage helps software development companies recover financially after a data breach or cyberattack, or a lawsuit related to cybersecurity.
For example, a software developer accidentally clicks on a link in an email that downloads a malicious computer virus. The virus encrypts crucial data and demands a ransom for its retrieval. Cyber insurance would cover expenses related to the ransomware attack, including the ransom and the cost of hiring an expert to investigate the attack.
What isn't covered by cyber liability insurance?
A cyber liability policy protects your small business financially from cybercriminals and other cyber risks, but it doesn't cover all vulnerabilities associated with running a business.
To fully safeguard your small business, you should consider business insurance policies to protect against these common risks:
Professional negligence
Third-party cyber insurance protects your business when a client blames you for failing to prevent a cyberattack. However, it doesn't provide protection against other allegations of negligence. Errors and omissions insurance covers the costs of lawsuits over negligent actions and other mistakes.
Breach of contract
Errors and omissions insurance, also known as professional liability insurance, also covers the cost of lawsuits related to breaches of contract.
For example, suppose a digital marketing agency signs a contract to redesign several websites for a client. Shortly after signing the contract, the agency loses two key employees and is left with more work than it can handle. The client files a lawsuit against the agency for breach of contract. The agency's E&O policy covers its legal expenses and the resulting judgment.
Data loss caused by physical damage
While a cyber insurance policy covers data lost in a software attack, it does not insure data lost from accidental physical damage to a network or storage device.
Electronic data liability coverage expands the property damage coverage in a business owner's policy (BOP), which combines general liability coverage and commercial property insurance, to include loss of data caused by accidental damage to a customer’s computer, hard drive, or other data storage equipment.
Other common questions about cyber liability insurance
How do you get a certificate of insurance?
TechInsurance is a trusted insurance expert for all small businesses, including contractors and consultants, with extensive knowledge of the IT sector.
With TechInsurance, you can easily download a certificate of liability insurance for your small business, often on the same day you buy cyber liability coverage or another insurance product.
This comes in handy for companies and consultants that need proof of insurance to sign a contract right away. Clients may ask to see a certificate of cyber liability insurance before they'll agree to work with your company.
Is cyber liability insurance required by law?
Cyber liability insurance isn’t required by law, but it can pay for regulatory fines that result from a data breach. It can also cover the cost of hiring an attorney to represent your company during regulatory proceedings.
For example, let’s say your web design business in California suffers a data breach, and all of your client data is stolen. If you aren’t able to fix your security issues within the 30 days required by law, you could be subject to fines. Cyber liability insurance can cover any financial penalties.
In addition to this, it can cover the cost of notifying customers affected by a data breach, which is often mandated by state law.
What determines the cost of cyber liability coverage?
Claims history. Your insurance company will charge you more if you have a history of making cyber liability claims. If you haven’t made many claims in the past, you’ll pay less.
Data access. The more people with access to sensitive information, the more a small business owner will pay for cyber liability insurance. Limiting access to sensitive data or hiring a cybersecurity expert may lower your insurance rates.
Coverage limits. If you need higher coverage limits because your business is higher risk, your policy will cost more. For example, if you’re responsible for multiple servers or a large volume of customer records, you’ll need more coverage.
Security measures. You can save money on cyber liability insurance by creating a risk management plan that includes:
- Securing your data behind strong network security firewalls to prevent a breach
- Using antivirus software
- Using a VPN
- Changing company passwords often
There’s no standard cyber liability policy – they contain different terms, conditions, and exclusions. Make sure you clarify the specifics of any potential policies with your insurance agent.