Cyber Insurance: What Is it and What Does it Cover?

Cyber Insurance

Cyber breaches cost organizations a ton of money. Today, the average price tag for a cyber breach is $4.45 million worldwide, up 15.3% from 2020, according to IBM. Given the astronomical costs associated with a breach and the increasing sophistication and ubiquity of cyber attacks, companies of all sizes who use technology to conduct business should carefully consider a cyber insurance policy to help mitigate their risks.

Why Is a Cyber Breach So Costly? 

Many factors impact the cost of an incident, including the type and scope of the incident; the size and industry of the organization; and the applicable regulatory standards. Cyber breaches can result in significant operational downtime and lost productivity; an impacted company may lose access to its network and files for days or even weeks. Remediation costs, too, can be significant, as companies must conduct a thorough investigation into how the breach occurred and which systems were impacted, and then fortify their systems as needed to prevent future breaches. Cyber attacks often lead to the exposure or destruction of valuable, sensitive data, including private client communications and personally identifiable information (PII) such as customer Social Security and credit card numbers, paving the way for criminals to commit identity theft. Exposure of sensitive data can lead to class action lawsuits from clients or customers as well as regulatory fines, penalties, and punitive consequences for failure to comply with applicable cybersecurity standards. Additional expenses can include the cost to notify customers of the breach, which is required by most state laws for breaches involving PII, and other crisis communications to limit reputational harm stemming from the breach.

What Is Cyber Insurance? 

Cyber insurance, also called cyber liability insurance or cybersecurity insurance, helps protect a business from losses and liability associated with data leaks and breaches. Many policies provide both first-party coverage, which refers to losses directly impacting the policyholder, and third-party coverage, which refers to losses suffered by others (such as clients) as a result of the policyholder’s cyber incident. 

What Does Cyber Insurance Cover? 

Cyber policies can vary widely in the coverage they provide. Policies typically cover litigation expenses, including any settlements or judgments up to the policy limit. Other covered losses typically include the cost of recovering or re-creating compromised or lost data; repairing damaged computer systems; performing investigations; notifying customers about the breach; and other crisis communications. Policies may also provide coverage for regulatory fines and penalties, business interruption losses, credit monitoring services for customers, and money lost due to a fraudulent instruction by a third party, such as in a phishing scam. Some policies also cover extortion payments, which apply to ransomware attacks, in which a cyber criminal locks you out of your own system and then demands a ransom payment in exchange for regaining access to your system or data. 

What Are Common Exclusions in Cyber Insurance? 

Cyber insurance policies typically exclude preventable security issues caused by the negligent mishandling of digital assets or failure to fix a known vulnerability. Other common exclusions are cyber incidents initiated by employees or other insiders, the loss of future profits due to reputational harm from the breach, and incidents that occurred before the policy’s start date.

How Much Does Cyber Insurance Cost? 

Unfortunately, the explosive growth in cyber crimes in recent years has put upward pressure on stand-alone cyber insurance premiums, which increased by 62% in 2022 alone, according to Fitch Ratings. Premium costs vary based on a number of factors, including industry, company size, the amount of technological assets to protect, policy options and coverage limits.  

If you are involved in a dispute with your business insurance company, contact us. We have the expertise, experience and tenacity to make insurance companies keep their promises to you and your business.