RECOVERING FROM A CYBER ATTACK CAN BE COSTLY.
Cyber security insurance is one option that can help protect your business against losses resulting from a cyber security attack. If you’re thinking about cyber security insurance, discuss with your insurance agent what policy would best ﬁt your company’s needs, including whether you should go with ﬁrst-party coverage, third-party coverage, or both. Here are some general tips to consider…
WHAT SHOULD YOUR CYBER SECURITY INSURANCE POLICY COVER?
Make sure your policy includes coverage for:
- Data breaches (like incidents involving theft of personal information)
- Cyber security attacks on your data held by vendors and other third parties
- Cyber security attacks (like breaches of your network)
- Cyber security attacks that occur anywhere in the world (not only in the United States)
- Terrorist acts
Also, consider whether your cyber security insurance provider will:
- Defend you in a lawsuit or regulatory investigation (look for “duty to defend” wording)
- Provide coverage in excess of any other applicable insurance you have
- Oﬀer a breach hotline that’s available every day of the year at all times
WHAT IS FIRST-PARTY COVERAGE AND WHAT SHOULD YOU LOOK FOR?
First-party cyber security coverage protects your data, including employee and customer information. This coverage typically includes your business’s costs related to:
- Legal counsel to determine your notiﬁcation and regulatory obligations
- Recovery and replacement of lost or stolen data
- Customer notiﬁcation and call center services
- Lost income due to business interruption
- Crisis management and public relations
- Cyber extortion and fraud
- Forensic services to investigate the breach
- Fees, ﬁnes, and penalties related to the cyber incident
WHAT IS THIRD-PARTY COVERAGE AND WHAT SHOULD YOU LOOK FOR?
Third-party cyber security coverage generally protects you from liability if a third party brings claims against you. This coverage typically includes:
- Payments to consumers aﬀected by the breach
- Claims and settlement expenses relating to disputes or lawsuits
- Losses related to defamation and copyright or trademark infringement
- Costs for litigation and responding to regulatory inquiries
- Other settlements, damages, and judgments
- Accounting costs
Answer truthfully on any cyber security insurance applications.
Cyber security insurance applications usually have detailed questionnaires about your IT environment and current cyber security posture. Make sure you answer all questions truthfully (involve your IT department or IT provider to help with the technical details). Lying or misstating information on your cyber security insurance application and questionnaire can potentially make your insurance null and void.