Cyber Liability Insurance
11.01.2016
Over the last few weeks, I have attended three conferences, and met with more than a dozen brokers and underwriters. A common topic of discussion was cyber liability insurance, with examples of claims being (i) lawyers' files being hacked, leading to misleading wiring instructions to an erroneous bank account; and (ii) architects having their project designs electronically stolen and hijacked for ransom. The scope of such coverage was also addressed, both under endorsements to professional liability policies and under stand-alone cyber policies. However, there is no “standard” cyber liability policy or endorsement, and the coverages offered continue to evolve not only as the risks themselves change in the face of responsive data security measures, but also as insurers navigate the waters of what they intend to cover (or exclude). It is therefore useful for a professional to understand the types of coverages available to determine which best meets an insured’s particular needs and exposures.
To begin with, cyber liability insurance could provide first party coverage, third party coverage, or a combination of both. First party coverage applies to losses sustained by the professional himself or herself, and typically includes property (and possibly crime) coverages as well as coverage for certain costs described as crisis management costs. Third party coverage applies to damages alleged against a professional, usually in the form of a lawsuit, for errors or omissions in creating, sending, receiving or storing electronic data, and provides for the cost to defend the claim and indemnify an insured for any obligation to pay a third party for resulting damage.
With this in mind, the unique types of first party cyber liability insurance include: (i) Loss or Damage to Electronic Data – losses caused by damage, theft, disruption or corruption of electronic data, including the costs to restore or recover lost data and the cost of outside experts to preserve or reconstruct data; (iii) Ransom/Extortion Coverage – losses and the costs/expenses to respond when a system is hacked with resulting threats to damage or destroy data, introduce a virus, deny access to the system, and/or release confidential data unless a ransom is paid; (iv) Notification Costs – coverage for the costs of notifying parties impacted by a data breach in accordance with government statutes or regulations; and, (v) Damage to Your Reputation – covers the costs incurred for marketing and public relations to protect a professional’s reputation following a data breach.
Some of the first party coverages above are part of breach response or crisis management coverage. I have seen it written something to the effect that a data breach is not always catastrophic but the mishandling of a breach usually is. Moreover, the costs associated with handling a data breach are often far more significant than the actual damages sustained by third parties. While the data breaches that have made the news, such as Target or Yahoo, get most of the attention, the professional business can be financially crippled by the costs of dealing with these issues, and these first party coverages should be a focal point when looking at insurance needs.
The types of third party cyber liability coverage include: (i) Network Security Liability – covers lawsuits due to a data breach or to the inability of others to access data on a computer system, as well as the alleged failure to adequately protect data belonging to customers, clients, employees or other parties; (ii) Network Privacy Liability – covers lawsuits based on allegations that a professional failed to properly protect sensitive data stored on a computer system belonging to customers, clients and other parties, as well as lawsuits arising from the release of private data (such as social security numbers) belonging to your employees; and, (iii) Electronic Media Liability – covers lawsuits for acts like libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement.
Finally, other coverages that may be available under a cyber liability policy include various crime coverages such as computer fraud, funds transfer fraud, and cyber terrorism. There have also been cyber liability policies tailored to specific professions such as the healthcare industry and financial institutions.
All information provided in this blog is for informational purposes only. The sources used are presumed accurate. Lancer Claims Services, Brown & Brown Program Insurance Services, Inc. and Brown & Brown, Inc. will not be liable for any errors, omissions, losses, injuries or damages arising from its display or use and will not assume responsibility for any misguided information. No guarantees are implied.