Cyber attacks are a significant issue for every risk manager and business with any type of computer device and electronic data. If you have not suffered a cyber incident such as a system hack, data stolen or held hostage for ransom, or a phishing email scam, sit tight because the possibility is more significant than you might think. It's possible that you may have, unknowingly, already suffered an incident. With that said, it is critical for a business to implement a robust internet security program and train employees on how to identify and report anything suspicious. Unfortunately, even with these programs, there is still a possibility of your network being compromised.
Breaching systems and stealing money and data is big business for cyber criminals, and it can devastate your business into bankruptcy. There are many expenses associated with a cyber incident such as the cost to recover your data, legal fees, media mitigation, crisis management, and possible regulatory fines if employees' and customers' information is stolen. Cyber insurance can help with these expenses, including fines and defense costs. Defense cost and fines are usually within the policy limits, a deductible may apply, and exclusions, such as war, are present.
Most Cyber policies include the following coverages:
- Security Breach Expenses
- Affected Party Notification
- Employee salary to handle inquiries
- Affected Party Post Monitoring
- Media Mitigation
- Data Replacement/Restoration
- Business Income & Extra Expense
- Security Breach Liability
Cyber coverage may be added to your existing commercial policy or written as a separate policy. Several different endorsements can be added depending on the type of business and exposure needs. Regardless of how the coverage is added, it is essential to understand the policy coverages and exclusions. Contact an insurance professional to discuss proper cyber coverage to meet the needs of your operations since not all cyber policies and coverages are created equal. Keep in mind, the larger the coverage request, the more scrutiny will be placed on the business's current internet security and employee training programs. Insurance is a risk transfer to protect your business from financial hardship, but even when you are insured, your business benefits when you take responsibility to prevent losses from occurring.
Cyber liability risk is complex and is also dynamic. Businesses must include the need to address such risks in their regular planning.