Does your business need cyber security insurance?
Yes — and here’s why.
In this article:
- Cyber security insurance offers specific coverage related to damages due to a cyber security incident.
- There are different types of cyber security insurance, including first-party and third-party coverage.
- Almost all businesses should consider investing in cyber security insurance, though some types of businesses carry a greater risk of a cyber attack than others.
The average cost of a data breach in the United States is enormous — $9.44 million. Without insurance protections, these costs can be debilitating to any business.
And while large corporations are generally in the news cycle after a major breach, small businesses are not safe from the risks. In fact, 43% of small- and medium-sized businesses reported being the target of a cyberattack.
No matter the size of your business, it’s important to consider investing in cybersecurity insurance.
What is cybersecurity insurance?
Cybersecurity insurance provides coverage for damages — like lost revenue due to business interruption or attorney fees from litigation by a third party — incurred by a data breach.
What does cybersecurity insurance cover?
There are two types of cybersecurity coverage — first-party and liability. Each policy type covers different risks associated with a cybersecurity incident.
First-Party Coverage
First-party coverage covers company costs associated with a data breach, like:
- Lost revenue due to production or operational interruption
- Legal counsel for determining your regulation requirements
- Forensic services for incident investigation
- Notification to customers of a data breach (a legal requirement in almost all states)
- Crisis communication or PR services
Work with your insurance provider to determine exactly which first-party costs your policy will cover.
Third-Party Coverage
On the other hand, third-party coverage provides protection against litigation by a third-party related to damages from a data breach.
For example, third-party cyber coverage can help cover the costs of:
- “Payments to consumers affected by the breach
- Claims and settlement expenses relating to disputes or lawsuits
- Losses related to defamation and copyright or trademark infringement
- Costs for litigation and responding to regulatory inquiries
- Other settlements, damages, and judgments”
But what about general liability insurance — shouldn’t it cover scenarios like these? Unfortunately, no. Liability claims related to data breaches aren’t covered by general liability insurance, so you’ll need to add separate third-party cyber liability coverage to your policy to protect your company.
Which types of businesses need cybersecurity insurance?
Which types of businesses need cybersecurity insurance? Regardless of company size or industry, we’d suggest that almost all businesses should consider investing in some type of cybersecurity insurance.
Some businesses, however, are at particularly high risk.
Does your business store sensitive customer or employee data — like credit card numbers or social security numbers, either on company servers or on third-party servers? If so, you are an attractive target for cybercriminals. You should certainly invest in cybersecurity insurance that covers data breaches and liabilities.
Does your business generate significant revenue? Companies that generate large revenue are at a high risk for ransomware and other cyber attacks.
Does your business have operational technology? Cybercriminals often target OT environments in ransomware attacks. Some cybersecurity insurance policies can help cover incidents where ransom is involved as well as lost revenue from production interruptions.
How do I get cybersecurity insurance?
Cyber liability insurance is fairly new, so expect a range of coverage and costs. Many insurance companies offer it as an add-on to your policy, or you can purchase it separately. Be prepared to comparison shop to find the pricing and coverage that suits your business. Contact us if you have any questions.