Cyber Insurance - Cyber Liability Insurance

The numbers indicate that organizations are seeing a need for cyber insurance, but what does it cover? Cyber insurance typically covers expenses related to first parties as well as claims by third parties. Although there is no standard for underwriting these policies, the following are common reimbursable expenses:

What does cyber insurance cover?

  • Investigation: A forensics investigation is necessary to determine what occurred, how to repair damage and how to prevent the same type of breach from occurring in the future. Investigations may involve the services of a third-party security firm, as well as coordination with law enforcement and the FBI.

  • Business losses: A cyber insurance policy may include similar items that are covered by an errors & omissions policy (errors due to negligence and other reasons), as well as monetary losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.

  • Privacy and notification: This includes required data breach notifications to customers and other affected parties, which are mandated by law in many jurisdictions, and credit monitoring for customers whose information was or may have been breached.

  • Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements and regulatory fines. This may also include the costs of cyber extortion, such as from ransomware

Who needs Cyber Liability Insurance?

Just about any organization that uses technology to do business faces cyber risk. And as technology becomes more complex and sophisticated, so do the threats we face – which is why every business and organization needs to be prepared with both cyber liability insurance and an effective cyber security plan to manage and mitigate cyber risk. At Travelers, we understand the complexity of cyber threats and have solutions to help protect your business assets.

Employees click on phishing emails anywhere from 8 to 20 percent of the time, depending on how enticing the content is, according to the 2016 Phishing Susceptibility and Resiliency Report.2 If 10 employees receive the same phishing email, it’s almost certain that at least one of them will click on it, posing a real risk to business owners.

Most states require companies to notify customers of a data breach involving personally identifiable information– a process that can be very expensive. And even though most states don’t require companies to offer free credit monitoring following a breach, such a gesture goes a long way with public relations.

Your incident response plans “should include the insurance component in there. Whatever other requirements you have in your policy, put that into the incident response plan” so “it doesn’t fall through the cracks when you’re dealing with a crisis.

Ransomware Cyber Insurance

The first case of ransomware dates back to 2005, and the number of attacks has grown exponentially since then. According to the 2017 SonicWall Annual Threat Report, ransomware attacks grew from 3.2 million attempts in 2014 to 3.8 million in 2015, and then rose meteorically to 648 million attacks in 2016.1

The average ransom paid likewise shot upward. Symantec’s 2017 Internet Security Threat Report states that ransoms jumped from $294 in 2015 to $1,077 in 2016, but ransoms as high as $70,000 or more are not unheard of.

Cyber and privacy insurance is often confused with technology errors and omissions (tech E&O) insurance. In contrast to cyber and privacy insurance, tech E&O coverage is intended to protect providers of technology products and services, such as computer software and hardware manufacturers, website designers, and firms that store corporate data on an off-site basis. Nevertheless, tech E&O insurance policies do contain a number of the same insuring agreements as cyber and privacy policies. CyberSecOp can help to ensure your orgnaization have the right Cyber Insurance in place.