What Does Cyber Insurance Really Cover?
Cyber risk continues to be the greatest insurable threat to businesses of all sizes in 2021. Small businesses, including solo single-person businesses all the way up to middle-market firms have seen increased threats and events during the course of this year.
So in this video, I’m going to give you the scoop on what does cyber insurance really cover in 2021.
First, a bit of a disclaimer. Cyber insurance is not a standardized form of insurance and every policy form on the market will differ slightly from another. I’ll give you the broad overview of the most common features of cyber today.
From the 30,000 foot perspective, cyber insurance is designed to cover a wide range of expenses, costs, and lawsuits that may arise when your company is hit with a breach, hack, or event. But more than just insurance coverage or money proceeds to pay for these expenses cyber insurance will help you recover from an event by identifying and solving the cause of the event, breach, hack, or attack.
The cyber insurance policy is broken into three distinct sections:
#1 is First party coverages – these are coverages focused on the damages you suffer directly. The most notable is business interruption costs you suffer while down from something like a ransomware attack. Other first-party damage coverages include:
- Notification costs – if private data left your network, you need to notify those affected record holders.
- Data Recovery and Reconstruction Costs
- Extortion Demands and other costs associated with a ransomware attack
- Damage to Hardware, commonly called bricking.
#2 is Third Party Coverages – these are costs you incur from lawsuits – legal fees, defense costs, and settlements for example. Examples of third party losses include:
- Network Security & Privacy Liability Lawsuits
- PCI or Payment Card Industry fines and penalties imposed by banks and credit card companies
- Regulatory fines and penalties
- Media liability lawsuits – and I want to highlight this coverage part. In the past the perils of libel, slander, defamation, plagiarism and the like were covered by a business’s general liability policy, unless the company was in the publishing business. Well, today just about everyone is in the publishing business due to social media and most general liability policies will decline claims which come from social media, which of course is the most frequent source of these types of claims. While claims here don’t happen often, it points to the need for cyber even more.
#3 is Cyber Crime, and this is where the policy forms get a little wonky and require careful examination. This portion of the policy is intended to cover the loss of money and securities you suffer from illegal activity deploying digital means to commit crime. You will see terms like social engineering, digital theft, fraudulent funds transfer, computer theft and more in this heading.
Those are the three major coverage headings found in most cyber insurance policies being sold today.
Now I mentioned earlier that in addition to insurance which are dollars to help remediate a claim, cyber insurance policies also come with a breach coach which is a special claims handler at the end of the cyber claims hotline staffed by most insurers.
Why do you need a breach coach?
The answer is simple. When you discovered you’ve been hacked, or your data is held hostage by ransomware, or a similar event, your going to be so wound up, you’re not going to know what to do first. You need an expert to help coach you through the event so that you can recover quickly and get back to business and deal with numerous potential issues. The good news is that most insurers have breach coaches and your call is not the first frantic call from a business owner they’ve experienced.
They know what to do and how to do it. In my opinion, the breach coach could be one of the most valuable parts of a cyber policy.
Now, what’s new in 2021?
Well in the last few months we’re seeing a pretty serious hardening of the marketplace. That means rising rates, more disciplined underwriting, and for firms that can’t demonstrate good cybersecurity practices a dwindling number of insurers willing to write their coverage.
This is all due to the massive claims insurers have been covering for the past year, which really heated up since January 2021.
If you have cyber insurance it’s important to read your renewal offers to see if any new exclusions or conditions have been added to your policy. If you don’t have cyber insurance – get it – the good news is that coverage is still available and affordable.
There are some new entrants to the market for small business cyber and for larger accounts, more underwriters are attracted to better accounts that have a serious data security posture.
Here’s the bottom line.
The cyber insurance market is likely to continue to evolve through 2021 and beyond. There doesn’t seem to be an end to the massive ransomware attacks taking place and claim costs will continue to push rates higher and availability lower. That means you need to be best in class to get a great deal or a great renewal quote. Work with your managed service provider to beef up security. Take MFA seriously, most insurers are insisting on this now.
Have other questions on cyber insurance, what’s covered, how to get it, or anything else? Why not click the button below to get a conversation started. I promise no pressure, no sales gimmicks, just some conversation to see if what we do is a good fit for you and your firm. I work across the U.S. and love helping business owners and decision-makers with their insurance and risk problems.