While a cybersecurity incident is scary enough, even more alarming are the costs associated with one. If your company is the target of a cyber attack, you won’t only have to respond to the threat but could be left with the bill or hit with lawsuits by those affected.
At KJK, we offer thorough cyber insurance reviews to help you understand your insurance policy and find the right coverage for your business. With our expertise, we will ensure you’re covered in the event of a data breach, insider abuse or other cyber attack.
Important to Know:
What is Cyber Liability Insurance?
Cyber liability insurance covers your company’s liability for a data breach and the costs of potential lawsuits that could stem from the breach. Data breaches are expensive, and the likelihood of your business’ sensitive data getting breached increases with the experience and boldness of hackers.
Opting for a cyber insurance policy is a smart way to protect your business against the costs associated with a hacking incident. Beyond legal expenses, cyber insurance can help with notifying customers, assisting affected customers with issues such as identity recovery protection, recovering and recreating data, and repairing damaged systems.
But not all cyber insurance policies are the same. Some offer coverage for data breach investigations but not for clean-up and mitigation. Some offer ransomware response, but not for payment of ransom. If your company is the victim of identity fraud, identity theft, social engineering attacks, funds transfers resulting from email or other cyber-frauds, reputational threats, extortionate attacks, Denial of Service attacks or third-party hacks (attacks on business partners or others that impact your operations), you may not have adequate coverage.
By working with KJK to conduct cyber insurance policy reviews, you can learn exactly what your policy covers and excludes to better protect your customers, employees and reputation in the event of a cyber attack.
Important information regarding Cyber Insurance:
Does Business Insurance Include Cyber Insurance?
While having cyber insurance included in your business’ general casualty and liability (GCL) insurance policy would simplify matters, that’s rarely the case. Your business insurance typically covers things like property damage and bodily injuries related to your operations, but cyber liabilities are usually specifically excluded from coverage under these policies. Needless to say, you and your insurance company may have vastly different interpretations of what constitutes an excluded “cyber” claim, and this difference could leave you footing the bill in the event of a cyber attack or put you in the difficult position of a lengthy court battle as you try to secure payment. Since the insurance company’s duty not only to cover your claim but also to defend you against lawsuits arising out of possible cyber attacks is dictated by the language of the policy and its exclusions, a gap in coverage can leave you not only taking on the liability, but also leave you unable to effectively defend yourself.
Our team of legal cybersecurity attorneys can work with you to help identify the types of sensitive customer data you store, how likely you are to experience a cyber incident that could result in a lawsuit, and what type of cyber insurance coverage is right for you. This can not only lead to better and more appropriate insurance coverage for your risks, but also can save you money on overlapping or unnecessary coverages as well.
Risks of Having Inadequate Cyber Insurance
Having cyber insurance is essential for any business, but if you don’t know what your policy covers or find you have inadequate coverage, this could cost you and your business down the line. The wrong type or amount of coverage can have negative consequences, including enormous expenses and a longer recovery period after an attack.
Examples of inadequate cyber insurance policies include ones that do not pay your ransomware or regulatory fines or don’t cover the cost of improvements following a hack that could protect you from a breach down the road. Failure to appreciate the true costs of data breaches can lead to inadequate coverages and gaps in coverage.
Additionally, if you are a utility company, bank, healthcare provider or other crucial infrastructure organization, your business likely needs more coverage than other business types. This is because, in addition to the “direct” harms resulting to you from a hacking incident, your clients or customers may suffer harms themselves (third party claims), which may or may not be covered by your insurance policy. Collateral consequences of a breach or incident, like regulatory investigations, shareholder derivative lawsuits, reputational damage and loss of business opportunities may also be excluded from coverage. To determine how much insurance coverage is enough, it’s important to assess your cybersecurity risk.
At KJK, we work closely with clients to analyze their cybersecurity risks to ensure they aren’t under-insured and help them understand what their cyber insurance entails and whether it’s the right coverage for them.
Important to Know:
Common Cyber Insurance Misconceptions
Even if you already have cyber insurance, there are some common misconceptions about cyber insurance among business owners. At KJK, we help set the record straight so that clients know what to expect out of their cyber insurance policy.
Myth: My business doesn’t need cyber insurance because it’s too small to be hacked
Small businesses are often the target of cyber attacks because they lack larger businesses’ security infrastructure. The FBI’s Internet Crime Report showed that cyber crime costs reached $2.7 billion in 2018 for U.S. small businesses. From malware, viruses, phishing and more, small businesses should be aware of a host of common cyber threats. Remember, having cyber insurance need not be expensive. Not having the right cyber insurance certainly can be.
Myth: My business insurance covers my company
While it’s easy to assume your general liability insurance policy will protect your business, that coverage only goes so far. In almost every case, cyber risks are specifically excluded from your business insurance. As a result, your business insurance likey won’t cover things like third party’s financial loss, regulatory fines, lawsuits related to employee and customer security and privacy, and more. Having both a general liability insurance policy and cyber insurance policy is in your business’ best interests.
Myth: Cyber insurance is too costly
The cyber insurance market is becoming increasingly competitive regarding deductibles and pricing. The major factors that determine your policy costs include your risk class, the coverage amount and limits you are seeking, and revenue. Partnering with experienced cyber counsel can help you mitigate your risks and thereby reduce your potential premiums. In addition, errors on the application process can jeopardize your later ability to file claims.
Like any type of insurance, getting a comprehensive plan that covers a wide range of issues is in your best interest so that when a cyber incident occurs, you will be covered and protected.
Myth: Cyber insurance is only for a business’ technology
Many businesses assume that if they don’t have a website or another party hosts it, their business isn’t exposed to cyber threats, and they don’t need cyber insurance. However, cyber insurance extends beyond digital records to include paper records such as receipts, employment applications and files. It may also include things like cyber-related threats to key personnel (extortion, reputation, revenge, stalking), protect advertising and marketing campaigns from sabotage, and protect cyber threats that impact the company’s reputation. A common scam involves emails from vendors which have been altered to force you to transfer funds to a hacker’s bank account (or have the customer wire funds intended for you). The appropriate policy can provide a remedy for such frauds.
We’re Here to Help:
Learn If Your Cyber Insurance Coverage Works for You
At KJK, our team of legal cybersecurity, data breach, and privacy attorneys work with your organization to perform a global review of your cyber risks and coverage to help you stay protected. Call us to get started on your cyber insurance review today.