Modern businesses depend on digital technology. Technology makes them more efficient, but it also leaves them vulnerable to technical failures and cyber attacks. Innocent mistakes, like an employee clicking on a malicious link in an email, can quickly turn into six or seven-figure catastrophes.
Cyber insurance helps companies mitigate the financial risks and liabilities that come with modern technology.
A single cyber policy can cover the costs of a wide range of events, including:
Many cyber insurance policies include additional risk-preventing services including access to expert security services that help remedy cyber events as they occur.
Any business that uses technology is at risk. Even a small digital presence carries liability: your corporate Facebook page could be defaced, damaging your reputation and alienating customers, or your email account could be breached, leaking your customers’ data for which you may be liable.
While cyber attacks on large companies are frequently in the news, most cyber attacks are on small companies. It is especially small businesses that are at risk, because they usually have fewer resources to invest in security and to defend themselves. That is precisely why insurance is most useful for small businesses.
Cyber attacks are becoming more frequent and severe. Cyber criminals are taking advantage of businesses adapting to remote work and relying more on technology.
Cyber incident recovery costs frequently exceed $1M and can easily bankrupt a small business. A recent study shows that 60% of small businesses go bankrupt within six months following a data breach.
Cyber insurance is increasingly required when signing contracts for everything from service contracts to equity investments. Purchasing a policy in advance can help secure contracts faster.
Below are the most common cyber insurance coverages. At GetCyber.com, we want you to have all your bases covered – we will provide you with every coverage below whenever possible, and highlight any limitations or exclusions when you compare quotes.
Coverage for notification costs, forensic costs, legal expenses, and crisis management in the event of a data security or privacy breach.
Your database containing customer payment information gets breached. The insurer will pay for security forensics on the breach, and for notifying affected customers about the event.
Coverage in the event that a cyber incident leads to hardware becoming unusable and beyond repair.
A server at a data center gets hacked. Despite the fact that the malicious software was removed - the server may still be corrupted/untrustworthy (and is therefore unusable). Bricking coverage will cover the cost of replacing the server with a new one.
Coverage for lost revenues or expenses incurred due to an interruption or outage of an insured’s systems caused by a cyber security breach.
A cyberattack knocks important servers offline, preventing you from completing sales. The insurer will cover both the revenues lost due to downtime, and the costs to put the servers back online.
Coverage for lost revenues or costs due to Business Interruption as a consequence of third parties suffering outages that prevent the insured from generating revenue or operating normally.
The vendor managing your IT system has downtime due to a cyber attack. Consequently, you cannot process new sales. Your insurer will reimburse you for those lost revenues.
Coverage for costs due to sickness or bodily harm to a person caused by a cyber event suffered by a third party.
Your factory has a conveyor belt that is controlled by software managed by a third party. The third party is breached, their software stops working, and conveyor belt malfunctions, injuring a worker. The insurer will pay for the worker’s medical expenses.
Also known as ransomware, this is coverage for costs associated with a cyber extortion event, including extortion monies paid as a result of an extortion threat.
A hacker breaches your customer database and threatens to delete the data unless you pay them a fee. The insurer will cover this fee.
Coverage for losses due to customer invoices being fraudulently sent or modified.
A criminal gains access to an employee’s email account, and sends a legitimate-seeming invoice to one of your customers. The customer pays the invoice to the criminal, while your company does not get paid. The insurer will cover the net financial loss to you.
Coverage for expenses incurred in an alleged privacy or data breach, such as remediation and defense/damages in the event of litigation due to the breach.
Your customer database is breached and your customers’ passwords are leaked. A customer consequently suffers damage and sues you. The insurer would cover the costs of your litigation defense.
Coverage for damages due to the publication of media material (text, sounds, images, etc.) that results in allegations of defamation, slander, trademark or copyright infringement, etc.
Your company changes its logo. Another company alleges that your new logo infringes on their trademarked logo. The insurer would cover any legal costs in defending your new logo.
Also known as Data Security Standard (“DSS”), this is coverage for losses (defense costs and corresponding fines and penalties) due to any alleged or actual noncompliance with PCI security standards.
Your company accidentally stores some customer credit card numbers in an insecure way. Those numbers become leaked to the public, and some customers suffer damages. The insurer would cover those damages, as well as any additional fines that are assessed.
Coverage for legal defense and civil fines or monetary penalties that an insured may be required to pay if investigated by a regulatory authority following a cyber event.
Your customers’ sensitive data is leaked to the public. A government agency investigates you to assess if you have complied with all applicable privacy/data storage requirements. They find that you have not, and you are fined. The insurer would cover any legal defense costs, as well as the fine.
Coverage for lost revenues or expenses incurred due to an adverse media event following a cyber attack.
Your corporate LinkedIn is taken over by a hacker and defaced with offensive messages. The insurer would pay for a public relations firm to remedy the situation, and for any lost revenues if sales decrease because of the defacement.
Coverage for losses due to criminals deceiving the insureds’ employees into taking damaging actions, such as initiating payments to fraudulent actors.
An employee wires a vendor after receiving an urgent email from the CEO about payment being overdue. It turns out that the email was not from the CEO but from an impersonator. The insurer will cover the loss.
Coverage for an unplanned interruption, suspension, degradation, or failure in the service of computer systems which is not the result of a breach. System failures that could qualify include failures due to human error, power outages, or programming errors (restrictions apply).
One of your IT associates runs a faulty update to your IT ecosystem knocking all your computers offline for four days. The insurer would cover the revenues lost while your business was offline.
Data recovery losses are the expenses associated with replacing or recovering damaged, lost, or stolen data and software.
A cyber breach corrupts your customer database, making thousands of customer records unusable. The insurer would cover the expense of hiring a third party to restore your database to its previous state.