What Is Cyber Liability Insurance?

Cyber Liability Insurance Explained

Person in blue-striped shirt holding hand to head
•••

sankai / Getty Images

Cyber liability insurance protects businesses by covering expenses associated with a data breach, virus, or other malicious cybersecurity attack. It helps to support a business against legal liability from consumers and business vendors impacted by a breach. 

Cyber liability insurance is an essential insurance product for small businesses to obtain. Data breaches, cyberattacks, and ransomware are all actions that will impact a business’s livelihood. Learn how cyber liability insurance will protect your business’s data and financial bottom line, as well as others impacted by a breach.

Definition and Examples of Cyber Liability Insurance

Cyber liability insurance protects your business’s data and financial bottom line, as well as others impacted by a breach.

In recent years, as technology has improved, cyberattacks have become more of a risk for small and large businesses. According to the 2019 Bank of America Merchant Services’ Small Business Payments Spotlight report, 41% of small businesses pay more than $50,000 to resolve issues related to data breaches. Nearly 30% of consumers surveyed said they will never return to a small business that has faced a data breach.

In a recent example, Florida-based IT firm Kaseya was the victim of a ransomware attack that impacted an estimated 1,500 businesses worldwide in July 2021. Hackers harmed local dental offices, froze registers at several supermarkets in Sweden, and prevented children from going online in school in New Zealand. There is no public information as to whether or not Kaseya had cyber liability insurance; however, if the company did, it would have lessened the liability of all people affected by the ransomware attack.

When a business experiences a cyberattack, the fallout and expenses associated with it can be financially exhausting for a business owner. With cyber liability insurance, your business can protect its brand and financial standing. But if your business does not have cyber liability insurance, you are open to lawsuits and, potentially, an end to your business.

  • Alternate name: cybersecurity insurance

How Cyber Liability Insurance Works

When a business experiences a data breach or cyberattack, financial institutions typically cover the charges they believe to be fraudulent. However, banks and credit unions do not cover the responsibility of the business, which often includes crisis management with clients or people impacted. That’s where cyber liability insurance comes in.

Traditional or general liability and property insurance policies tend to directly exclude cyber risks from their terms. As a result, more companies have begun offering stand-alone cybersecurity insurance.

Cyber liability insurance covers a wide range of cyber-related losses, both to the company itself and other individuals or companies impacted by the attack. Events and items included in coverage are:

  • Data destruction or theft
  • Extortion demands
  • Hacking
  • Denial of service attacks
  • Crisis management activity related to data breaches
  • Legal claims for defamation, fraud, or privacy violations
  • Liability and defense costs

Few policies include coverage for the physical damage and bodily harm that could result from a successful cyberattack, which is an area of growing concern, according to the Cybersecurity & Infrastructure Security Agency (CISA). Since 2012, CISA has increased its research and efforts to properly develop the cybersecurity insurance market.

The cost of cybersecurity insurance will also vary. It depends on several factors, including the industry your business is in, the size of your business, and the amount of coverage you wish to secure. Most insurance companies that offer this type of coverage have limits ranging from $100,000 to $5 million per event.

According to Jeff Weaver, assistant vice president of management liability insurance at Selective Insurance, business owners should inquire about third-party coverage, which will protect the business  in the event a business owner is faced with a lawsuit as a result of allegedly failing to secure or disclose an incident.

When a company experiences a data breach or cyberattack, it is obligated to notify customers within a specific timeframe. It is also responsible for filing documents with the necessary state officials. Failure to do so may result in fines or in some cases, lawsuits, from people impacted by the breach.

Coverage will depend on the carrier, so it is important to ask specific questions regarding your policy’s coverage when choosing a cyber liability coverage policy. For instance, you may ask about the legal costs, and whether or not you can choose your own attorney or if one will be provided by the carrier.

If and when a business experiences any type of cyberattack and it is insured, it should call its insurance carrier, report the incident, then begin the process of recovering the damage. The process is similar to that of any other type of insurance.

Key Takeaways

  • Cyber liability insurance protects businesses—both large and small—from the impact of a cyberattack, as well as individuals or other companies that are impacted from the event.
  • Most cyber liability policies cover a range of cyber-related losses, including data destruction or theft, liability and defense costs, crisis management activity related to the breach, and hacking.
  • The cost of cyber liability insurance is determined by an insurance agent who understands the needs of a business.
  • If a business experiences a cyberattack, breach, or ransomware and it does not possess cyber liability coverage, it is liable for all damages.