Cybersecurity insurance protects organizations against the dangers caused by data breaches, ransomware extortion payments, theft, system hacking, and other attacks. While it’s a policy in itself, some insurers allow business owners to apply it as an add-on to their general business insurance.
Naturally, it’s up to owners whether they purchase cybersecurity insurance or not. However, Kenny Natiss explains that any company that stores sensitive information digitally (i.e., online or on a computer) should certainly carry some type of cyber insurance coverage.
Types of Coverage
Typically, cybersecurity insurance comes in two forms — first party and liability. Both protect companies in different situations.
With first-party cybersecurity insurance, businesses are financially protected for certain costs, including:
- Lost revenue from business interruption
- Risk assessments of cyber incidents
- Incident investigation
- Notifying customers about the cyber attack
- Offering customers anti-fraud services like credit monitoring
- Ransomware attack payments as per policy limits
Liability coverage, also known as third-party cybersecurity insurance, protects businesses in the event that a third party sues them for damages due to a cybersecurity breach.
Such policies usually pay for:
- Court and attorney fees associated with the case’s legal procedures
- Regulatory noncompliance fines
- Court judgments and settlements
Many companies make the mistake of thinking that their general liability insurance covers cybersecurity-related claims, but most general liability coverage excludes them. Therefore, organizations that store customer data should consider obtaining a separate cyber policy.
Cybersecurity Insurance Exclusions
Like other insurance types, cybersecurity coverage won’t cover absolutely everything related to cyberattacks and data breaches.
The common exclusions are as follows:
- Intellectual property — IP losses and lost income related to the cyber incident are normally excluded from coverage.
- Proactive preventive measures — From training employees on cyberattacks to setting up VPNs (virtual private networks), preventive measures aren’t paid for by cybersecurity insurance.
- Self-inflicted cyber incidents or crimes — No cybersecurity policy will cover businesses charged with committing a related crime or causing a cyberattack. That being said, companies can purchase commercial crime insurance to protect against employee theft.
- Property damage — Property damage related to cyberattacks, like hardware problems, isn’t covered. Businesses need commercial property insurance for that.
Do All Businesses Need Cybersecurity Coverage?
Regardless of the company’s size, virtually any business can be at risk of cybercrime. So, many would argue that, yes, all organizations should prioritize cybersecurity coverage.
However, it’s worth noting that this type of insurance is particularly important for the following:
- Companies with massive customer bases — Cybersecurity insurance covers regulatory fines that may occur following data breaches. Since notifying customers is required by state law, the cost is much more significant for bigger organizations.
- Businesses that store sensitive information on computers or online — Businesses that store information such as phone numbers, Social Security numbers, or credit card numbers are at risk of cyberattacks. Data breach insurance is essential here, as well as cyber liability coverage if they store sensitive customer information.
- Companies with valuable digital assets or high revenue — Cyber incident costs are hard to predict. Companies with valuable data and higher revenues will likely face higher expenses.
Experts suggest that technology businesses also consider purchasing technology errors and omissions coverage, which is different from, but related to, cybersecurity insurance and potentially just as important.