What is a Cyber Liability Insurance Program?

A cybersecurity survey published by France’s Information and Digital Security Experts Club (CESIN) reported that 80% of organizations have experienced cyberattack incidents in recent times. The root causes, as underlined by Allianz Global Corporate & Specialty (AGCS), are security breaches, malware installation, espionage or ransomware, and reckless handling of vital information touchpoints.

These attacks also vary greatly in intensity and in the impact they have on business functions, often exposing key vulnerabilities of security systems and informational databases and leaving corporations prone to even more damage in the future. With these facts in mind, we strongly recommend you purchase a cyber-liability insurance program that will help protect you against the damages of a cyber-attack.

What is a cyber-liability insurance program?

Cyber-liability insurance is protection against the loss of data. This data can include both the information of the organization itself and the personal information of its employees. It can also include breaches of customers’ data. During a cyber-attack, as previously mentioned, critical data may be lost to hackers or other bad actors, often exposing key vulnerabilities of the organization’s security system. Under the cyber liability insurance program, our company covers expenses incurred as a result of cybercrime or data breach violations that lead to the unapproved release of critical information or otherwise protected data.

Why does your company need a cyber-liability insurance program?

Forbes reported that more than 3,800 data breaches may have occurred in the last year alone. The main target of these breaches was not major corporations; rather, they were perpetrated against 80% of small to medium-sized enterprises, which is an alarming figure given the damage cyber-attacks inflict. In addition, the average out-of-pocket cost for dealing with the fallout from a data breach is about $80,000 in direct costs. This figure is exclusive of any indirect costs and loss trade-off costs.

Following is a list of named perils in terms of cybercrime:

1. Ransomware: This is when the data on your computer is held hostage until you pay a monetary amount to the hacker to release information regarding your organization and its key personnel.

2. Malware: This is the installation of malicious software on your computer that's designed to steal data or even corrupt your system.

3. Phishing: This is the use of fake emails made to look like legitimate emails to get you and your employees to share sensitive information freely with the bad actor. It can also involve intellectual property theft, where someone gets into your system and steals proprietary or confidential business information.

4. Denial of service: This is where your server for your website or your email system is overloaded with a high-volume attack that is designed to take down your system.

5. Social engineering attacks: These are a series of attacks that are designed to trick you or your employees and contractors into doing something they're not supposed to do.

6. Fraudulent transfers: In this, the hacker may impersonate a person in higher authority, e.g. a fake CFO email instructing people to send money to places it shouldn't otherwise be sent.

7. Corporate espionage: This includes threats from inside an organization. There may be certain bad actors in an organization who have a negative agenda against management. So, in pursuit of a coup, these people may conduct corporate espionage, leaking large amounts of confidential data.

Following are different types of sensitive data that can be exposed:

1. Personally identifiable information (PII)

This is personal, confidential data, which can include a social security number, date of birth, driver's license number, security question, etc.

2. Protected Health Information

This is covered under the federal HIPAA law and has to do with health data, including an individual's background, biographical, and medical records.

3. Payment Card Industry data

This includes an individual’s credit card numbers, expiration dates, and security digits of workplace cards.

4. Employee information

This category mainly includes information like hire dates, social security numbers, and tax records, mostly highly sensitive and confidential information.

5. Business proprietary information

These are trade secrets, which include both intellectual property and sensitive strategic and operational data, such as long-term goals developed, for instance, for the second half of this year.

6. Governmental and infrastructure information

This includes information from utilities, the power grid, municipal websites, and email servers, which hold a lot of important information about public sector employees and city data.

These categories include critical data that is very important for large organizations and small and medium-sized enterprises alike. When hackers access these critical points, they may try to distort the information.

Here is a list of reasons why your typical cyber liability insurance companies fail to provide you adequate coverage:

1. They provide a minimal range of coverage options on their package and business owner policies. This means that they simply don't have a lot of the options that you would want them to have for your small business.

2. Most of the policies that major insurance companies provide have very limited options for cyber-liability and data breach coverage and no first-party coverage option at all. Even when they do have more options, these insurance companies may not dedicate a good amount of coverage to losses caused by cyberattacks, for instance offering only a $50,000 limit for cyber liability protection.

3. Most agents and brokers really don't understand cyber liability insurance. Moreover, these insurance companies may not be capable of delivering good advice because they simply do not know enough about the subject to be able to have an intelligent conversation on the topic that you may be discussing with them.

4. Lastly, one of the big problems is the insurance industry as a whole: a lot of companies in it are not known for innovating or for embracing new things that come on the scene, such as modern-day cyberattacks that have a detrimental impact on companies.

What does your normal cyber liability insurance coverage offer?

1. Cyber liability coverage

This is the building block of any insurance program that is addressing the major concerns related to any cyber-crime. This is a third-party coverage that is going to protect against liability that you have for the breach and the release of information.

2. Cost of legal defense

This includes legal defense and any settlements that are appropriate in resolving your case.

3. Breach of contract

This includes payment card industry (PCI) fines. When your company experiences a data breach, not only is your own data exposed to hackers, but the data of your vendors and customers is also at risk. The regulatory authority PCI may fine you as a result. Cyber liability insurance will also cover these fines.

4. Other regulatory penalties (including HIPAA)

This includes health information, especially for vulnerable populations that may have a lot to lose if their information is released. As a result of your negligence toward data vulnerabilities, there may be additional fines and penalties. A full-featured insurance program will help compensate you for these regulatory fines and penalties to help minimize your out-of-pocket costs.
