Cyber Liability Insurance

Let us help you get Cyber Liability Insurance

Cyber liability insurance coverage protects your business against losses that results from data breaches and other cyber events (like ransomware, phishing, password attacks, etc.). In the situation where your company’s data is lost or stolen, cyber liability insurance covers the costs associated with these unfortunate events.

Hacker sitting at laptop, information hacking

What is cyber liability insurance?

In this day and age, almost every business, no matter the industry or size, uses computers (or other hardware) and the internet to send, receive and store electronic data. This data might include customer information (names, addresses, invoices), employee information (names, positions, salaries, home addresses), financial information (sales, forecasts, projections) and tax information. If this data is lost, damaged or compromised, it could be expensive to restore or replace. External data, like customer and employee information, could be even more costly in a situation of theft or compromise, as these parties may sue your business for damages.

There are also other costs associated with lost or compromised data, often the most expensive being notification expenses. Governments typically require a company to notify all individuals and parties whose data or information has been compromised – this can often be a time consuming and costly process to administer.

Cyber liability insurance coverage protects your business against losses that results from data breaches and other cyber events (like ransomware, phishing, password attacks, etc.). In the situation where your company’s data is lost or stolen, cyber liability insurance covers the costs associated with these unfortunate events.

Diverse computer hacking shoot

First party coverage vs. third party coverage

There are two main types of cyber insurance: first party coverage and third party coverage. First party coverage will cover the expenses directly incurred by your company as a result of the breach. For example, first party coverage would pay for the expenses relating to informing your customers and employees that the data breach occurred (postage, printing, etc). Third party coverage protects your company against claims third parties may file against your company, as a result of the data breach. For example, if a customer sues you for negligence as a result of your data breach, third party coverage would protect your company. Third party coverage typically applies to the cost of legal fees as well as any settlements or damages your company is required to pay out, as a result of legal proceedings.

Examples of first party coverages:

  • Loss of income and additional expenses: Covers income losses suffered as a result of the breah and any additional expenses your business incurred to minimize operational disruptions.
  • Loss or damage to electronic data: Covers the costs to restore or replace electronic data or programs that were destroyed, stolen or damaged in a data breach. Typically these losses must result from a ‘covered peril’, such as a virus, denial of service attack or a hacker attack.
  • Notification costs: Covers the expenses related to notifying parties (either voluntarily or as required by your local laws) that were affected by your data breach. This could include things like setting up a call centre, or providing credit monitoring services.
  • Cyber extortion: Covers events where a hacker breaks into your information system and threatens to commit a criminal act, unless you pay a certain amount. Examples of these criminal acts are releasing confidential information, introducing a virus, damaging your data or initiating a denial of service attack. Coverage will usually include expenses you incur to respond to the hackers demands and any payment that you are required to make to the hacker.
  • Reputational damage: In addition to the above noted coverages, some cyber liability insurance policies will also cover additional expenses your business incurs after the attack, related to public relations and marketing. This type of coverage is also known as crisis management coverage.

Examples of third party liability coverages:

  • Electronic media liability: Covers lawsuits against you for a variety of things, as long as they are as a result of a data breach. Typical lawsuits that may be covered: copyright infringement, invasion of privacy, slander, libel, defamation or domain name infringement.
  • Privacy liability and network security: Covers claims against your company for error or omissions or negligent acts that resulted in unauthorized access, introduction of a virus, a denial of service attack or other security breaches. Also covers claims for failure to properly protect sensitive information of employees, clients, customers or other third parties.
  • Regulatory proceedings: Covers the cost of hiring legal counsel to represent your company in legal or regulatory proceedings. Also covers penalties or fines imposed by regulatory agencies.

Who needs cyber liability insurance?

Almost every business in operation today uses some form of technology to store internal and external information. Large, multinational companies have full IT departments dedicated to protecting against these threats, so it is often small and mid-sized businesses that are at most risk to these types of attacks, and the financial costs associated with them. A shocking number of small and medium businesses are attacked every year. We highly recommend businesses of any size and in any industry purchase cyber liability insurance, to mitigate losses associated with these attacks, as these threats continue to become more sophisticated and harder to protect against every day. Contact your insurance broker to understand what type of cyber insurance is best for your business and what policy would best serve your business needs.

Table of Contents

Cyber Liability Insurance FAQ

In our opinion, yes! Any company that stores any data on a computer or other type of hardware connected to a network (yes, that includes a smartphone!) is at risk for hacks, breaches and other malicious attacks. These are hard to protect against and can be costly. A cyber insurance policy mitigates that risk, for businesses of any size.

Yes! Hackers are interested in any data that can be monetized, there include contact information (emails, phone numbers) and credit card or banking data - two things you likely have for all your customers and all your employees.

No, your general liability insurance does not cover data breaches. General liability insurers are making a focused effort to ensure their clients understand that this is not covered by amending policies to explicitly state that losses due to data breaches are not covered.

There are a couple things businesses of any size can do to reduce the risk of data breach:

  • Make all employees use only company devices for company information (i.e. do not allow employees to use personal laptops or computers, without VPN access)
  • Ensure all employees have 2 factor authentication turned on for all their devices that store company information
  • Ensure employees regularly change their passwords, and require them to use passwords that meet complexity criteria
  • Educate yourself and your employees on common attacks like phishing attacks or email scams