Cyber Insurance

Texas P&C Insurance Agencies

Technology, social media and transactions over the Internet play key roles in how most organizations conduct business and reach out to prospective customers today. Those vehicles also serve as gateways to cyber attacks. Whether launched by run-of-the-mill hackers, criminals, insiders or even nation states, cyber attacks are likely to occur and can cause moderate to severe losses for organizations large and small. As part of a risk management plan, organizations routinely must decide which risks to avoid, accept, control or transfer. Transferring risk is where cyber insurance comes into play. Every company that handles any personally identifiable information or provides any type of IT-related work should have Cyber Liability Insurance.

What is Cyber Insurance?

A cyber insurance policy, which is also referred to as cyber risk insurance or cyber liability insurance coverage, is a liability policy for businesses that are at risk. It is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event. With its roots in errors and omissions (E&O) insurance, cyber insurance began catching on in 2005. It doesn’t stop cyber crimes, but rather helps to keep your business on a stable footing should a significant event happen.

What does Cyber Insurance Cover?

Cyber insurance typically covers expenses related to first parties as well as claims by third parties. Although there is no standard for underwriting these policies, the following are common reimbursable expenses:

  • Investigation: A forensics investigation is necessary to determine what occurred, how to repair damage and how to prevent the same type of breach from occurring in the future. Investigations may involve the services of a third-party security firm, as well as coordination with law enforcement and the FBI.
  • Business losses: A cyber insurance policy may include similar items that are covered by an errors & omissions policy (errors due to negligence and other reasons), as well as monetary losses experienced due to network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.
  • Privacy and notification: This includes required data breach notifications to customers and other affected parties, which are mandated by law in many jurisdictions, and credit monitoring for customers whose information was or may have been breached.
  • Lawsuits and extortion: This includes legal expenses associated with the release of confidential information and intellectual property, legal settlements and regulatory fines. This may also include the costs of cyber extortion, such as from ransomware.

Keep in mind that cyber insurance is still evolving. Cyber risks change frequently and organizations tend not to report the full impact of breaches in order to avoid negative publicity and damaging the trust of customers. Thus, underwriters have limited data on which to determine the financial impact of attacks. Essentially, the true risk of cyber attacks is not completely understood.

What should I look for in a Cyber Policy?

Not all Cyber policies are the same. As a matter of fact, a General Liability policy could have coverage that would appear to provide for cyber risks. But if you really want to protect your organization from the results of these threats, you need to know what the policy offers you in terms of coverage and how it applies to your specific environment. Some things to look for in a policy are:

  • Is the coverage an extension of an existing policy or a separate policy?
  • Is there more than one type of Cyber policy offered?
  • What are the deductibles?
  • Does coverage apply to both first and third parties?
  • Does the policy cover targeted attacks against the insured or any attack that might touch on them?
  • Does the policy include coverage for specific attacks that occur over longer time frames?
  • What are the criteria and time frames for reporting attacks?

What are First and Third Parties?

As an example, you are a retailer that uses a point-of-sale system from a vendor. The system has some malware associated with the credit card scanner and information is captured by an outside player. You, the retailer, are considered the "First Party" while the point-of-sale system vendor might be considered the "Third Party". It is always important for you to know what your vendors have in the way of Cyber insurance protection for themselves and you.