- Alliance Insurnace
Why Cyber Insurance is Important?
Updated: Jul 19, 2020
One system hack can shut down a business. One policy can protect it.
One stolen laptop or one resourceful hacker can cause a data breach with enormous consequences, both financial and reputational. In 2019, according to the Ponemon Institute and IBM Security, Cost of a Data Breach 2019 Report, the average cost of a data breach for all Canadian businesses was US$4.4 million, which is $500,000 higher than the global average of US$3.92 million.
What can members do?
When a data breach hits you or one of your clients, Cyber Liability Insurance is the policy most likely to come to the rescue. But Cyber Liability Insurance (also known as Cyber Risk Insurance and Data Breach Insurance) may be the most misunderstood insurance policy out there. And that kind of makes sense. #CyberInsurance
First of all, there’s lots of confusion about data security, which you know all too well if you’ve ever heard a news anchor try to explain what caused the latest mega breach. Secondly, Cyber Risk Insurance is one of the newest offerings in the insurance game, which means most business are unfamiliar with it.
In fact, before we can talk about this coverage, we need to take a step back to explain that there are actually two different Cyber Risk Insurance policies:
First-party Cyber Liability Insurance.
Third-party Cyber Liability Insurance.
For most small IT businesses, third-party Cyber Liability Insurance is more important. The good news: most of the Professional Liability Insurance policies we sell have third-party Cyber baked in. #CyberInsurance #DataPrivacy
First-Party vs. Third-Party Cyber Insurance: Which Do You Need?
So: does your business have first-party or third-party cyber risks? Here’s a summary of what each looks like:
First-party: The risk that your own computers and systems will be compromised (or that your data will be breached). Anyone who stores a lot of customer data (credit card numbers, emails, phone numbers) is a potential target for a breach incident, whether it’s a hack, misplaced thumb drive, or unsecured email with a sensitive attachment.
Third-party: The risk that your clients’ systems will be compromised (or that their data will be breached). If your job description includes maintaining, hosting, or manipulating clients’ data, you have the potential to cause, enable, or fail to prevent a breach.
For the smaller IT businesses, freelancers, and independent contractors we most often work with, third-party risk is far more common. That is, it’s fairly common for our customers to work with lots of client data, but less common for them to have lots of data on their own clients. (The notable exceptions are data miners, business intelligence consultants, and database administrators.)
The good news, as we mentioned above, is that most Professional Liability Insurance policies we sell include coverage for third-party Cyber Liability. To be sure your exposures are covered, though, it’s always wise to double-check with your agent whether your policy offers this protection.
What Does First-Party Cyber Insurance Cover?
Because first-party Cyber Liability Insurance covers the cost of breaches to your own network (and the cost to clean them up), it may help pay for:
Anti-fraud protection for customers.
Security incident investigations.
Insider data breaches.
Cyber extortion / ransomware costs.
Let’s take a minute to break that down. Say you’re working on an in-house directory for a corporate client. You’ve got information for thousands of company employees and you’re excited about the wireframe you’ve developed. Unfortunately, biking home from the office, the flash drive you back everything up on falls out of a hole in your computer bag.
Even if nobody ever picks up the drive and plugs it in, this counts as a breach. You have to notify your client and they want you to pay for credit monitoring for every employee whose info was on the drive. A first-party Cyber policy could handle those costs.
In addition to unfortunate mishaps like this, hacks, insider data breaches, ransomware attacks, software malfunctions, and improper configurations can all leave your data exposed. They can also likely be covered under your first-party policy.
What Does Third-Party Cyber Insurance Cover?
Time to switch gears: third-party Cyber Insurance. As we’ve pointed out, this is the coverage that protects you in the event your clients’ data is compromised, not your own. When that happens and a client sues you, third-party coverage can pay for…
Attorneys to defend your company.
Settlement costs (to resolve the lawsuit amicably).
Court-ordered damages (if you’re found liable).
Miscellaneous court costs.
Third-party Cyber Liability is typically included in an IT professional’s Professional Liability Insurance, which covers many other tech-related liabilities and lawsuits.
Cyber Liabilities for Developers, Consultants, and Project Managers
The way you’re exposed to cyber liability depends on work you do. For example:
Developers. Software developers can be liable for faulty code that is susceptible to cyber attacks, programs without proper security measures, and compromises that occur because of mistakes they make while working at a client’s office or on a client’s network.
Consultants. Unfortunately, consultants can be liable for security even if they didn’t create the IT solution that was compromised. Merely recommending an IT product can make you liable. So if you advise a client to switch to an SaaS solution and the cloud-based data is compromised, a client could blame you.
Project Managers. As a project manager, remember that “stuff” sometimes rolls uphill, too. If your subcontractor makes a mistake that leads to a data breach, the client could sue you. Mistakes by the people you manage can end up costing you.
Members can follow each other, write and reply to comments and receive blog notifications. Each member gets their own personal profile page that they can customize.
Protect your data from intruders. Do not leave computers unattended. Make sure you store your personal and business data in the secure system.