By the time the U.S. government’s Department of Homeland Security office convened its April 2016 Cyber Incident Data and Analysis Repository Workshop in Arlington Virginia to “discuss the value and the feasibility of a cyber incident data and analysis repository,” the department had already established a Cybersecurity and Infrastructure Security Agency as part of the DHS umbrella of services.
Despite the establishment of this entity, the number of cyber attacks on U.S. businesses and government entities had exacerbated, bringing some of them to their knees and forcing them to pay bitcoin ransoms demanded by hackers.
In 2021 alone, analysts within Illinois’ Touro College & University System documented the “The 10 Biggest Ransomware Attacks of 2021,” detailing the most egregious incidents that headlined news: the Colonial Pipeline and JBS Foods incursions. University cyber attack experts say that these incidents are just the tip of the iceberg. Even the National Basketball Association sustained a hit, proving hackers are quite versatile when targeting their victims.
Cyber Liability Insurance; fast becoming an essential for businesses
What can a business owner do to protect their interests from malware and other types of cyber attacks? According to attorney Brenda R. Sharton writing for the Harvard Business Review, “the game has changed,” as hackers get more creative, indiscriminately gleaning valuable information and then delivering what Sharton calls “a “pay up or else” ultimatum to ensure data privacy.
The name of the game has become reducing risk by taking intelligent steps to stop criminals before breaches occur and especially by acquiring a cyber insurance policy with adequate coverage to reflect “the current reality” all businesses face. As complicated as this problem has become, the issue of cyber liability insurance coverage has grown equally complex since cyber policies are not standardized.
Further while Cyber Liability Insurance is designed to cover financial losses resulting from data breaches, policies have become quite diverse. Some may or may not include both first- and third-party coverage. Complexity of policies are further complicated by out-of-pocket expenses that must be borne by the policy holder, not to mention diverse liability issues that confront policy owners if lawsuits are brought by auxiliary victims of a business hack.
9 Coverage types commonly included in Cyber Liability Insurance policies
1. Data restoration and/or replacement of software, programs destroyed during a cyber attack.
2. Loss of income as a direct result of operations being brought to a halt.
3. Additional expenses associated with restoration of systems that have been destroyed by data breaches.
4. Coverage for cyber extortion reimbursements resulting from ransom demands made that threaten to release confidential data.
5. Fees associated with hiring experts to negotiate extortionist demands and conditions.
6. Funds necessary to institute a notification system designed to inform impacted parties of data privacy incursions — particularly important since personal information of individuals can be compromised leaving personal credit data vulnerable to theft.
7. Crisis management expenses not limited to lawyers, computer experts, forensic accountants and public relations professionals trained to mitigate reputation damage. Additionally, coverage extends to regulatory proceedings that are related to data breaches.
8. Network security and privacy liability coverage associated with lawsuits originated by clients who were impacted by the cyber attack and had their data privacy impacted.
9. Electronic media liability coverage designed to hold a company harmless should a hack result in privacy invasions, copyright and domain infringement issues, libel, slander, and defamation associated with Internet-related publication.
Cyber Liability Insurance coverage exclusions
As of this time, insurance companies offering Cyber Liability Insurance do not offer coverage related to the following situations:
-War and terrorism
-Cyber incursions occurring before the policy’s stated retroactive date
-Failures associated with utilities rather than malware placement or hacking
-Property damage and bodily injury claims
-Contractual liabilities that are spelled out within the language of the contract
-Dishonest acts proven to have been initiated by the insured party
-Costs incurred by a business using a cyber attack as an excuse to upgrade and restore a network to “a higher level of functionality” than the previous system’s capacity.
Cyber Liability Insurance is fast becoming an essential facet of doing business in the U.S. and abroad, thus it is wise to stay abreast of changes and laws associated with this type of coverage as well as doing the high-quality research needed to find the best coverage possible for unique business models.
According to Insurance Business Magazine, the publication of Insurance Business America, the top 10 companies offering this type of insurance tend to change by the year, which is why savvy business owners are wise to keep tabs on which companies are delivering the latest and most comprehensive coverage.