The average cost of a data breach in 2024 is $4.88 million globally, up 10% from last year, according to IBM. As the cyber threat landscape continues to evolve and cyber risks become more interconnected, cyber insurance policies – and the insurance application process – have become increasingly complex. When completing the cyber policy application, it is crucial that you dedicate due time and care to providing accurate, thorough information. It is also critical that you understand the policy you are buying – what it covers and does not cover.
Complex Application Process
Once relatively simple, cyber insurance applications are now many pages long and require intricate details about your data, IT systems, applications, devices, and security measures. After the insurance company receives your application, underwriters will likely have follow-up questions and require additional documentation. Misstatements and omissions in insurance applications can have dire consequences, including claim denial and policy recission. Therefore, it is crucial that you involve your IT management team in the application process to ensure an accurate depiction of your IT infrastructure and data.
Cyber Insurance Policies
Cyber insurance, which is also called cyber liability insurance or cybersecurity insurance, helps protect a business from losses and liability associated with cyber attacks and data breaches. Policies often provide both first-party coverage, which pays for losses incurred by the policyholder, and third-party coverage, for losses suffered by others, such as clients or customers, due to the policyholder’s cyber incident.
While every policy is different, first-party cyber coverage often includes expenses associated with investigating the nature and scope of the breach or attack, assessing the damage and areas of the business impacted, containing the attack, restoring all affected systems, and developing a comprehensive recovery plan. Policies typically cover the cost of legal counsel to advise on the steps that the policyholder is legally required to take following a breach or attack. A cyber policy will also typically cover the cost of identifying and notifying individuals whose personal data was compromised, and in some cases, the cost of victim credit monitoring. As cyber breaches can lead to significant downtime, many policies provide coverage for business interruption and loss of revenue. The policy may also cover the cost of hiring a public relations firm to help offset reputational harm caused by the breach. Policies may also include cyber extortion coverage to protect against ransomware attacks – a common type of attack in which criminals encrypt computer systems, devices or files with malware, locking victims out of their own system and then demanding a ransom in exchange for regaining access.
Third-party cyber insurance is particularly important for organizations that manage the sensitive data of others, such as customers’ personally identifiable information (PII), like Social Security numbers or credit card numbers. Network security and privacy liability coverage guards against losses incurred by third parties due to the policyholder’s errors, omissions or negligence. Cyber liability coverage may also cover the cost of defense against actions brought by regulatory bodies, as well as regulatory fines and penalties.
Common Exclusions
As cyber threats have evolved and escalated, cyber policies have become narrower, with insurance companies looking to limit their liability. Policies commonly exclude coverage for social engineering scams, in which criminals trick employees or others within the organization into wiring funds to outside accounts. And while policies generally cover remediation costs in the wake of an attack, they typically exclude the costs of upgrading a computer system to fortify it against future attacks.
If you are involved in a dispute with your cyber insurance provider or other business insurance company, contact Schwartz, Conroy and Hack, PC, for assistance. We have the expertise and tenacity to make insurance companies keep the promises they make to you and your business.
