Cybersecurity Insurance – Why Needed?

07/15/19
The increasing number and sophistication of cyber incidents affect companies and organizations of all sizes, and remediation of cyber incidents can be costly. Can insurance help cover the cost of cyber incidents?

Cybersecurity insurance is one option that can help protect your business against losses resulting from a cyber attack. Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.

A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Many companies forgo available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack.

Traditional commercial general liability and property insurance policies typically exclude cyber risks from their terms, leading to the emergence of cybersecurity insurance as a “stand-alone” line of coverage. That coverage provides protection against a wide range of cyber incident losses that businesses may suffer directly or cause to others, including costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations. Few cybersecurity insurance policies, however, provide businesses with coverage for an area of growing private and public concern: the physical damage and bodily harm that could result from a successful cyber attack against critical infrastructure.

In recent years, the Cybersecurity and Infrastructure Security Agency (CISA) has engaged key stakeholders to address this emerging cyber-risk area. Since 2012, CISA has engaged academia, infrastructure owners and operators, insurers, chief information security officers (CISOs), risk managers, and others to find ways to expand the cybersecurity insurance market’s ability to address this emerging cyber-risk area. More broadly, CISA has sought input from these same stakeholders on the market’s potential to encourage businesses to improve their cybersecurity in return for more coverage at more affordable rates. CISA is currently facilitating dialogue with CISOs, Chief Security Officers (CSOs), and insurers about how a cyber incident data repository could foster both the identification of emerging cybersecurity best practices across sectors and the development of new cybersecurity insurance policies that “reward” businesses for adopting and enforcing those best practices.

Types of Cybersecurity Insurance Coverage

First-Party Coverage

First-party cyber coverage protects your data, including employee and customer information. This coverage typically includes your business’s costs related to:

  • Legal counsel to determine your notification and regulatory obligations
  • Recovery and replacement of lost or stolen data
  • Customer notification and call center services
  • Lost income due to business interruption
  • Crisis management and public relations
  • Cyber extortion and fraud
  • Forensic services to investigate the breach
  • Fees, fines, and penalties related to the cyber incident

Third-Party Coverage

Third-party cyber coverage generally protects you from liability if a third party brings claims against you. This coverage typically includes:

  • Payments to consumers affected by the breach
  • Claims and settlement expenses relating to disputes or lawsuits
  • Losses related to defamation and copyright or trademark infringement
  • Costs for litigation and responding to regulatory inquiries
  • Other settlements, damages, and judgments

For cybersecurity resources for small businesses, please visit www.insureuonline.org/smallbusiness

To Learn More

CMR & Associates provides independent retirement and insurance advice by reviewing your current plans to improve coverage and reduce cost. Through our proprietary database – The CMR Database® (comprised of some 13,000 brokers and specialists globally) – we maximize access to the retirement and insurance industry for greater options that will translate to better coverage and lower cost. Since 1999, we have saved clients over $120 million.

Please email CMR Associates or call 877-447-4301 or 212-447-4300 for more information about cyber insurance and a “cyber risk assessment” consultation.