Pagoda Blog

Do You Need Cyber Liability Insurance and What Does It Cover?

March 18, 2021

A data breach can cause your business significant long-term damage, from a loss in revenue to a loss of credibility as a brand. While it’s important to do everything you can to prevent a data breach in the first place, preparing for the worst is equally important. Cyber liability insurance can ensure that, should a data breach occur, you can react and rebound quickly while minimizing your financial loss, damage to your reputation, and disruption to operations.


Who should invest in cyber liability insurance? 

As a business in the 21st century, you most likely store sensitive data in the cloud or on an electronic device. While a general liability insurance policy or professional liability policy contains basic cyber liability coverage, a standalone cyber liability insurance policy covers significantly more and is worth the extra investment. It’s important to have this standalone policy if you collect personally identifiable information. (This information includes data such as a person’s full name, address, date of birth, credit card number, phone number, or any other information that could identify a particular individual.) It’s also important to note that this applies to information you may store regarding both your customers and employees.




Lastly, nearly a third, or 28 percent, of cyberattacks in 2020 targeted small businesses — a sobering reminder that size doesn’t matter. So unless your business still operates with paper filing systems, you should invest in cyber liability insurance to cover your bases.


What does cyber liability insurance cover? 

Cyber liability insurance is a relatively new form of insurance, arising within the last two decades. This means that there is, as of yet, no standard policy, resulting in a wide range of offerings from insurer to insurer. Within each policy, however, you can typically find two basic types of coverage: first-party and third-party coverage.


First-party coverage covers immediate expenses your business may incur after a data breach. These expenses might include repairing infected software or damaged hardware, paying a ransom, costs associated with a disruption to operations, marketing costs necessary to mitigate damage to your brand’s reputation, costs to notify employees and the public, and credit monitoring for customers. 


It also includes the critical first step of investigating the source of the data breach and uncovering what exactly happened, including whether sensitive information was compromised and, if so, how it was compromised. This step is called forensics and can uncover whether the data was encrypted, blocking your access to it (in which case a recent backup can be used to easily restore the data), or whether it was stolen or copied (referred to as data exfiltration) so that the hacker can sell it on the dark web. Determining the full scope of the breach gives you the information required to take next steps to recover data, mitigate the damage, and inform affected parties.




Third-party coverage covers the costs associated with legal fees and lawsuits. You may face fines from regulatory bodies such as California’s Privacy Protection Agency and/or privacy lawsuits alleging that you breached the privacy of customers and/or employees. (This is why it’s so important to do all you can to protect your customers’ data.) 


What cyber liability insurance doesn’t cover 

Again, this can vary depending on the insurer; however, there are several exclusions that typically apply across policies. These include bodily injury or property damage claims, loss of property (such as an electronic device), and criminal activity not related to a cyberattack. One exclusion to be especially aware of is social engineering. While social engineering is a type of cyberattack and can result in compromised or stolen data, it is not always covered by cyber liability insurance.


It’s also important to understand that your coverage will only be honored if you maintain the appropriate security measures required by the policy. These security measures could include installing and regularly updating antivirus and antimalware software, implementing a robust password management system, and using HTTPS for your website.  


How cyber liability insurance works

Now that you understand why you need cyber liability insurance and what you can expect it to cover, here’s an example of how your plan would support you in the case of a data breach. 


Step 1: You become aware of a data breach and immediately reach out to your insurer. 


Step 2: Your insurer explains your coverage and recommends the best approach to address the breach. 


Step 3: Your insurer investigates the breach (forensics) to determine where it occurred in the network and when, how it occurred, and whether sensitive information was compromised and how.  


Step 4: Notify affected parties such as customers, employees, and other stakeholders. 


Step 5: Provide assistance with public relations. 


Step 6: Manage and defend any associated lawsuits resulting from the breach. 


Step 7: Evaluate the overall impact of the data breach on your business and suggest additional security measures to prevent a future data breach.  


How much coverage do you need? 

An IT Managed Service Provider can conduct an audit to determine your risk level and help you decide the level of coverage required for your business. Some factors to take into consideration are how much sensitive data your business stores, how sensitive the data is, and where you store it. This can help you begin to assess how long it might take for you to uncover the cause of a breach, notify employees and customers, and take necessary measures for compensation and the prevention of future breaches. 




Feature photo by Sora Shimazaki from Pexels



About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at to schedule a complimentary IT consultation.
