Business Owners, Do You Know What Cyber Insurance Covers (and Why You Need It)?

Reasons to hack your business can range from simply proving it’s possible to acquiring a ransom. The dark web is rife with sensitive data for sale, including Social Insurance numbers and company trade secrets. It’s also a place to score malware starter kits or ways to exploit vulnerable code. While many known hacks are reported, it’s difficult to quantify how many go unnoticed.

Smaller businesses often believe they fly safely under the radar when it comes to data protection and risk management. But the statistics show that small and midsized businesses are the most vulnerable to cyberattacks simply because they’re smaller and easy targets. Other businesses assume their data isn’t attractive to hackers since they don’t track Social Insurance numbers or store credit card data. This is also an incorrect assumption. In the cyber underworld, any data is valuable, and it’s often used to design more intelligent (and profitable) social engineering scams.

One thing’s for sure: Cyber liability insurance is a necessary part of risk management and shouldn’t be viewed as merely an option.

What does cyber liability insurance cover?

Some insurance companies distinguish between cyber liability and data breach insurance. Usually, the difference has to do with the size of the business, if there’s any difference at all. “Cyber liability” is generally a term used for larger companies, and “data breach” is often used for small and midsized companies. Cyber liability and data breach insurance aren’t standardized the way property and auto policies are. Most cyber insurance uses a customized approach to coverage — a collection of endorsements specifically tailored around your coverage needs.

Cyber liability insurance often covers costs relating to:

• Lost income caused by a cyberattack Customer notification of a data breach
• Reputational damage and public relations support
• Legal defense related to a breach Civil damages and settlement awards
• Repairing damage to computer systems and networks
• Free credit monitoring for affected customers
• Recovering encrypted data
• Cyber extortion and ransom demands, as well as ransom negotiations
• Provincial and federal fines and penalties
• Extortions paid to recover locked files in a ransomware attack
• Computer fraud
• Loss of transferred funds
• Loss of revenue and business interruption due to a cyberattack
• Dependent business interruption system failures
• System failures of outsourced providers
• Strengthening and improving your system to make it more resistant to a future breach (this may be called “betterments” coverage)

Your broker will help you identify your unique risks and find a cyber liability policy that fits your needs and budget.

Keep in mind that most of these coverages exclude employees and contractors. (For that, you’ll need employee theft coverage.)

Your broker can help with the moving parts

Cyber liability insurance responds to many interrelated moving parts, and the policies themselves can get just as complicated.

But how do you know what you need to cover if you’re unclear on the exposure and terminology?

Coverage to ask your broker about

Many cyber insurance policies are a mix and match of coverages based on specific risks (aka a per-insuring agreement). Your broker can help you insure the gaps in your cybersecurity plan by:

• Taking time to understand your business operations and data liability
• Narrowing down the type of cyber coverage that works best for your risk areas
• Explaining the cyber questionnaire required by the insurance company
• Matching you with the best cyber policy for your risk level
• Presenting you with a quote to fit your budget
• Explaining the details of the coverage and answering any questions you may have

Your cyber risk overview

Cyber insurance policies aren’t very standardized — even the terminology differs, which can be confusing. You’ll need to rely on a skilled insurance broker to match you with the best policy for your needs. They’ll help you decipher the complicated networks of cyber liability insurance and lock in plan options appropriate for your business’s risk levels.

For starters, you’ll need to evaluate a few things about your business, such as:

• Your risk exposure and liability (data storage, computers, network security, training, employees, etc.)
• The type of cyber coverage needed to transfer your liability risk (to the insurance company)
• The amount of money you can afford to pay out of pocket if you experience a data event (before your insurance kicks in)
• Compliance issues specific to your business (privacy laws)
• How much help you’ll need to maintain your data security management program (or start one)

Your insurance broker will start the process by giving you a cyber liability indication questionnaire. Be as truthful and thorough as possible in your responses. If you misrepresent the type of data your business collects, your claims history or your data or network security systems, it could mean a claim denial in the future. And a denial isn’t worth getting coverage for cheaper cost.

Give your broker a buzz

You’ve stepped up to the plate for cyber liability coverage, but you’re not feeling tech savvy enough to flip the switch on your own. Don’t judge yourself — even a technology professional would have difficulty understanding the nuances of insurance. That’s why a seasoned broker is worth their weight in semiconductor chips. Put your impressive newfound knowledge to use and give your broker a call.