Comprehensive Cyber Insurance: A New Staple for Every Business

Every business needs insurance to protect it in the event of adverse incidents that cause costly damage. A very basic business owner’s policy includes general liability, commercial property and business income insurance. Worker’s compensation protects employees if they become hurt or sick from their job. And professional liability insurance covers lawsuits claiming you made an error in providing professional  services that caused damage to another.

But none of these protect your business against damages from a cyberattack. Cyber liability is often excluded from general liability policies, or when there is coverage, it’s in the form of a rider and covers a lesser amount.

Insurance policies can be filled with legal terms and industry jargon, but here’s what to look for when you’re shopping for coverage against cyberattacks:

• Ideally, you want coverage that protects your business and you personally against damages in the event of a cyberattack. That’s first-party coverage.
• You also want coverage that protects your business against damages incurred by clients, vendors or even someone unrelated to your business. That’s third-party coverage.

Every business that uses computers and the internet in any way should consider a cyber insurance policy that covers both first-party and third-party claims. Think of it like this:

First party claim: Hackers stole my data, held it for ransom and made me pay. I’ve also lost 2 weeks of income sorting out this problem and getting my data back.

Third party claim: Hackers stole my customer’s (or vendor’s) information and now I have to pay for identity protection for them and/or replace their money.

And sometimes you are the third party. Just like when an uninsured motorist hits your car, if the first party to the cyberattack doesn’t have coverage, you as the third party could be stuck with the damages.

What categories of direct costs might be covered by a comprehensive policy? Here are a few to ask your insurance agent about:

• “Event” management costs. Things that fall into this category include forensic services (investigation to find the true cause and who is responsible) and expenses related to the notification of clients and vendors. Other examples include all center costs, legal services and identity monitoring.
• Recovery and restoration of lost data. This would include recovery of data that is corrupted or destroyed after a computer attack.
• Cyber extortion costs. This would be coverage for any “ransom” money you had to pay, including the expenses for consultants enlisted to help you.
• Business interruption reimbursement. This is coverage for loss of income and extra expenses to get back to business after a cyber event that causes your or your vendor’s system to fail.

To complement the cyber insurance, be sure to look at your crime coverage as well. Crime insurance protects you against theft of money. Make sure your crime insurance covers more than just employee theft, robbery, burglary and forgery. Those are traditional ways of stealing money. These days, criminals are using a virus, phishing or other traditional hacking methods to steal information and then pretend to be an authorized employee to instruct others to make transfers. Terms for this include social engineering, cybercrime, computer crime or spear phishing.

And lastly, look at the requirements for getting coverage. What protective measures are you expected to have in place before an underwriter will grant a policy? These may include multifactor authentication (MFA) or regular backups to external hardware or secure cloud. Consider investing in these so that you can get adequate coverage at a reasonable premium. MFA is fast becoming a common requirement for any cyber policy.

For an explanation of MFA and more on how you can protect your company from cybersecurity perspective, check out this article produced in conjunction with this webinar Pinnacle hosted for small and mid-size businesses.

Ken Halliburton is a principal at Miller Loughry Beach Insurance Services, Inc., a subsidiary of Pinnacle Financial Partners. He can be reached at Ken.Halliburton@pnfp.com or by calling (615) 849-4250.