Cyber Threats and Cyber Risk Insurance

Companies are now taking a really close look at the need to purchase cyber risk insurance policies due in large part to the number of data breach incidents and related cyber risks that continue to increase and get reported by news outlets on nearly a daily basis. In addition, government agencies are becoming more actively involved in policing the corporate response to these attacks.

Although the amounts of coverage available can be limited in some instances, whether these policies are referred to as “cyber risk,” “information security,” “privacy,” or “media liability” coverage they all act in much the same way. But unlike most other types of insurance, there’s no standard form on which the insurance industry as a whole underwrites cyber coverage.

Several coverage options to choose from

Many of the cyber policies currently available offer some combination of traditional liability coverage that protects against claims by third parties, as well as first-party coverage protection against losses suffered by the insured. There also are important terms and conditions of cyber policies that can have a significant impact on coverage you offer. With so many different components of coverage available, no agent or broker can reasonably expect to secure every type, but being aware of the differences among the policies being offered is critical to maximizing premium dollars spent by your insureds.

Privacy liability coverage

This is an important aspect of the coverage for most entities as it includes liability to the insured’s customers, clients and employees for breaches of their private information, which can be a major component of liability in the case of a data breach, and quite costly to repair the damages it can bring.

Regulatory actions

There is substantial variance among cyber policies regarding whether, and to what extent, they provide coverage for regulatory and other governmental actions. Even where covered, some policies require that the action be initiated by a formal “suit” in order to trigger the defense obligation.

Notification costs

Another of the major costs related to a cyber crime is that of notifying third parties potentially affected by a data breach. There is an ever-increasing and constantly evolving landscape of breach notification laws that are occurring on a state-by-state basis.

Crisis management

Finally, crisis management coverage includes the costs of managing the public relations fallout from most data breach scenarios. Reputational damage is a major concern, especially among large corporations. Be aware that most, but not all, cyber risk insurance policies contain some form of this coverage.