News of an investigation into a potential hack of Jeff Bezos’ smartphone has rekindled a wide range of discussions regarding cybersecurity. For business owners and executives, it’s a reminder to review their company’s cyber liability insurance coverage.
Cyber liability insurance protects companies if a data breach, virus or other cyber attack results in unexpected expenses. It also covers legal claims stemming from a data breach. Any company that stores sensitive data electronically should have cyber liability insurance.
Data breaches on the rise
The Identity Theft Resource Center reports that 1,473 data breaches occurred in the U.S. in 2019, a 17% increase from the previous year. In addition to breaches, more than 164 million sensitive records were exposed.
Small and medium-sized businesses may carry general liability insurance that includes cyber liability coverage, but any company that stores personally identifiable information (PII) should have separate cyber liability insurance. As with other liability coverage, cyber security policies typically provide first-party and third-party coverage.
First-party coverage pays for the expense that a company incurs following a breach, such as notifying necessary parties, business interruption costs, public relations efforts to protect your reputation and ancillary costs such as credit monitoring for customers. First-party coverage may cover extortion costs that are demanded by a hacker, but this is an area that commonly creates disputes regarding cyber liability insurance coverage.
Third-party coverage helps a company defend against lawsuits and legal claims.
How much is enough?
Because cyber liability insurance is still relatively new, there is no standard policy, and risk managers and other company leaders can be uncertain how much coverage is enough. Benchmarking your industry average can result in a company purchasing too much or not enough coverage.
A good starting point to make this calculation is to conduct a comprehensive analysis of what type of information is being stored, how it is being stored and who has access to it. This allows company officials to map out what a data breach would look like and what you stand to lose, and then compare that to actual data breach cost statistics. This is similar to determining how much it would cost to replace a building or office equipment.
If an insurance dispute occurs
Analyzing judicial treatment of policy disputes is challenging because there is not enough body of case law to interpret. Thus, resolving disputes involving cyber liability insurance is difficult. Cyber liability policies typically feature complex language regarding intricate technological systems.
It is important to enlist the help of an experienced insurance dispute law firm that understands cyber liability insurance contracts and can advocate aggressively on your behalf. As with many business disputes, these cases are frequently resolved through negotiation and sometimes arbitration. By putting experienced legal counsel in your corner, you can be assured that your best interests will be protected.