Cyber Insurance, Is It Worth It?

As a tech attorney, that’s frequently speaking about privacy and data breaches, the question I get asked most often is: “Should I get Cyber Insurance, is it worth it?” If you’ve spent any time with attorney’s, my response of “it depends” should sound familiar. 

What Is Cyber Insurance?

Generally speaking, Cyber insurance covers your business’ liability for a data breach involving sensitive customer and employee information, such as credit card numbers, account numbers, social security numbers, addresses, and health records.

Rise In Cyber Crime

According to the Federal Bureau of Investigation’s Internet Crime Complaint Center, spear-phishing attacks accounted for $1.7 billion in losses in 2019 alone. 

As a result, there is a growing awareness of the risk, and insurance companies are creating a litany of insurance products to meet the growing desire and need for insurance coverage but the products and coverage vary widely from company to company and even to policy to policy. Some insurance companies allow policy holders to add “Cyber Insurance” as an additional coverage to their existing business policies, while other insurance companies hold Cyber Liability and Data Breach Insurance as two completely separate and distinct policies, outside of the traditional business policies and coverages. 

State Data Breach Notification Laws

All 50 U.S. states, the District of Columbia, Puerto Rico, Guam, and the Virgin Islands have security breach notification laws requiring businesses or governments to notify consumers or citizens if their personal information is breached.

While these laws may have similar definitions or requirements, there are also wide variations regarding what constitutes protected information, a breach, how and when to notify those affected, the laws and their application change rapidly, making it extremely difficult and expensive for businesses, especially small businesses to comply.

Broadly speaking, Data Breach Insurance covers costs related to a data breach, regardless of cause, which can involve mailing notifications to affected customers, hiring a public relations firm, taking remedial actions.

What Does Cyber Insurance Cover?

“The insurance policies are written by insurers to respond to a new wave of problems. With emerging risks, different carriers have different language to address new problems,” says John B. Mumford Jr., Richmond, VA, former Co-Chair of the ABA Section of Litigation’s Insurance Coverage Litigation Committee.

Because cyber laws and threats are constantly changing, the policies offered and what’s covered are constantly changing too. So it’s critically important, as a business owner, to ask questions about your insurance policies, coverages, and specific language relating to commercial cyber crime, attacks, data breaches, etc. to determine what is and is not covered, especially if you’re engaged in eCommerce and online business transactions.

Besides legal fees and expenses, cyber insurance may help with some or all of the following:

• Damage caused by a virus or cyber attack
• Recovering compromised data
• Repairing damaged computer systems
• Data Breach Insurance – Notifying customers about a data breach
• Customer identity protection – assistance restoring personal identities of affected customers

Is It Worth It?

Read the fine print and come prepared with questions. Only you can evaluate the cost-benefit for your business, weighing the risk and associated costs of having to come out of pocket with the insurance costs for coverage and assistance when you need it. Knowing the right questions to ask will help you determine if it’s worth it for you.

Pro Tip: If you’re a Founder or Owner, ask your insurance provider if you’re able to bundle your Cyber Insurance into your existing Homeowner Insurance. Many times there are additional discounts available when you add a Business Policy, with Cyber and Data Breach Insurance to your Homeowner’s Policy.

Additional Resource for State Data Breach Laws – Updated September 1, 2020