Businesses that deal in sensitive data or personal information face an array of threats to the safety and integrity of that information. The loss of this information via a breach or hacking incident can lead not only to massive business interruptions, but also delays and potentially crippling regulatory fines. There are myriad new laws that regulate how businesses deal with Personally Identifiable Information (PII), trade secrets, and other sensitive data. Due to this regulatory complexity, a hacking event can be a nightmare for a business owner.
Luckily there is insurance available that can respond in the event of a hack, breach, or other internet-related mishap: Cyber Liability Insurance. Besides the steps that businesses can take to mitigate the risk of a cyber incident on their own, Cyber Liability Insurance is one of the best ways to account for the inherently unpredictable risk that comes with storing or dealing in sensitive information.
Cyber Liability Insurance contains many coverage options that can be tailored to your operation to ensure a good fit. What follows is a summary of the possible coverage options and their applicability:
Information Privacy
Maintaining secrecy and confidentiality around sensitive information is one of the main reasons to buy cyber liability insurance for your business. This coverage can be tailored to help you respond to the loss or theft of this information in a timely manner without having to pay for the entire incident out of pocket.
Available coverages include:
Information Privacy Liability – this pays for your defense and any settlement up to the policy limit as a result of losing sensitive data, trade secrets, PII, etc.
Regulatory Liability – the loss of regulated PII (such as medical records) can carry significant regulatory penalties as well as extensive investigation and court proceedings to determine liability. This coverage pays for your defense and settlement for any actions a regulatory agency might take against you.
Event Response and Management – Most cyber liability carriers offer a suite of services to help make you whole in the event you do suffer a breach that results in the loss of sensitive information. This is essentially a white glove response to assessing what happened, how to fix it, and how to prevent future issues, all paid for by the insurance carrier.
Network Security
In the event that your network is breached by a hacker, you can become a vector for spreading malicious code or other computer viruses to other computers tied to your network or even beyond.
This coverage is usually broken into two pieces: 1) liability coverage in the event your network causes problems for others, and 2) event response and management coverage, very similar to that offered under the “Information Privacy” coverages.
Business Interruption
In the wake of a cyber incident, business operations are likely to be substantially altered while handling damage control and recovery for your clients. This time period can have a big effect on revenue, not only during the recovery process but also for sometime afterward.
Business Interruption is included on most cyber liability policies for just this reason. Furthermore, most policies will pay business income regardless of whether interruption originated in your network/system or if it originated from one of your service providers.
Cyber Extortion
Also known as a “ransomware” attack, cyber extortion is becoming more and more common. This coverage will pay the ransom up to the policy limit, as well as assistance to reduce the possibility of this happening again.
Financial Fraud
Online fraud can take many forms. Cyber Liability policies typically divide the possible forms of fraud into the following two categories:
- Social Engineering – the use of deception to manipulate individuals (employees, owners, managers, etc.) into divulging information that is personal or confidential, for the purpose of use in further fraud or personal enrichment.
- Computer Fraud – any intentional, fraudulent or unauthorized input, destruction or modification of electronic data by a foreign entity, provided that such fraud causes a loss of funds/securities whether on behalf of your business or any of your clients.
Media Content
The final coverage that is commonly found on cyber liability policies pertains to Media content, which is quite broadly defined.
The Media Liability portion confers coverage in the following situations:
- Defamation, libel, slander or tort that causes harm to any person or organization
- Infringement of any slogan, logo, trademark, etc.
- Copyright infringement, plagiarism, piracy, misappropriation of intellectual property (provided it was unintentional)
- Invasion of privacy, including accidental disclosure of private facts or data
- Invasion of privacy including trespass, harassment or eavesdropping
The media content coverage also typically pays to restore a firm’s reputation with the public after a cyber incident – something that is very important when a business is trying to restart operations after a serious breach or similar incident.
If you run a business that relies on or deals in sensitive information, trade secrets, PII, HIPAA data or anything similar, then you are at a heightened risk for any of the possible situations outlined in this article.
If you want to know more about how to acquire insurance for sensitive data or information, please reach out to us. There’s never any cost to get a quote and have a discussion about your situation.