These days, the rate at which companies are experiencing cybersecurity breaches is alarming, to say the least. With high-profile attacks targeting all kinds of industries including healthcare, finance, retail, government, manufacturing, and energy, it’s clear that the threat landscape has evolved significantly over the past few years.
While big-name companies are the ones to make the news, the reality is that half of all cyberattacks target small to mid-sized businesses, and the costs associated with these attacks can be crippling.
The numbers involved in determining the cost of a cyber incident vary widely, and it’s safe to say it significantly affects the bottom line. Many smaller organizations don’t have the resources, time, or money to effectively manage these problems. To make matters worse, cyber attacks tend to be “sticky,” causing repeated issues and interruptions for years to come.
To proactively protect your business from cyber-attacks you need to develop a strategy for your cyber risk plan. Understanding the differences between data breaches and cyber liability is the first step in establishing your cyber risk strategy.
What is a Data Breach?
A data breach occurs when someone obtains proprietary or confidential information from your business without your knowledge or permission by hacking into your computer system, stealing a device like a laptop or smartphone, or intercepting an email designated for someone else. The breach may be perpetuated by a hacker, an opportunistic thief, or even an employee.
What is Cyber Liability?
Cyber liability comes into play when your company is accused of causing damage to an outside party as a direct result of a cyber incident. A cyber incident can happen if you or your employees aid in the spread of a malicious virus or the infiltration of another organization’s network, or if it’s determined you weren’t doing enough to protect data in your possession.
Simply put, a data breach is about losing information that you are responsible for and cyber liability is about causing a cyber incident for an outside party. Both can be costly and both are covered differently when it comes to insurance. Proactive measures are always best to prevent a cyber incident in the first place, and resources are available to help mitigate the risks including password security protocols, employee training, and firewalls. Proper insurance coverage should also be obtained in addition to your standard policies.
Types of Cyber Insurance Coverage
Data breach coverage is a first-party coverage that usually covers notification costs, credit monitoring services for individuals whose records may have been compromised, and other costs associated with the loss of data.
Cyber liability insurance is usually a standalone insurance policy that is specifically designed to provide first- and third-party insurance coverage for computer and internet-related risks, and addresses exposures associated with most cyber incidents. Generally, if cyber liability is offered in conjunction with roll-on data breach coverage on your Commercial General Liability policy, it only covers your liability to protect data in your care, custody, or control and does not protect the organization comprehensively against other cyber incidents, such as cyber business income insurance and personal and advertising injury liability.
Not All Cyber Policies Are Created Equal
Unfortunately, most cyber policies from standard carriers may cover data breaches but are not effective for cyber liability, and it’s easy to think you’re covered for all areas when you’re not. Depending on the nature of your business, many of these roll-on data breach coverages are ineffective against most costs associated with cyber incidents.
The cyber world is complex and constantly evolving. It’s imperative to proactively protect your organization from these hidden risks. We know that deciphering insurance policies can sometimes be confusing, so reach out to one of our strategic risk advisors to not only help you ensure you’re properly protected but that strategic measures are in place to reduce the risk of a cyber incident from occurring in the first place.
Topics:
