Cyber liability insurance protects an organization from risks associated with e-business, the internet, networks, and informational assets controlled by first and third parties. The original cyber liability policies were written almost solely for companies providing computer hardware and software services. Today, with ever-changing state and federal regulations, plus the addition of compliance standards like HIPAA, PCI, and SOX, cyber liability has taken on a new identity.
The tricky aspect of cyber liability insurance is that there is no defined scope of coverage. This means most policies should be written to specifically identify your organization's needs, based on what kind of intellectual/internet property is owned and what type or how much data is being stored or transferred.
Cyber liability policies can cover some or all of the following (from AmWINS):
-Third party liability coverage for alleged wrongful acts arising from the performance of services as a technology professional or consultant.
-Privacy Liability (covers loss of personally identifiable employee and customer information).
-Security Liability (covers failure to prevent the entrance or spread of a virus/hacker attack).
-Website Media Liability (covers libel, slander and copyright infringement from your website content).
-First Party Breach Response. This can cover customer notification expenses, credit monitoring expenses, computer and legal forensic expenses, and credit and identity repair expenses.
-First Party Business Interruption and Data Recovery Expense.
As mentioned previously, there is no defined scope of coverage, so no two policies will cover the same expenses or provide the same coverage.
As with all other forms of insurance, there is a certain amount of due diligence on the policy holder’s end as well. Target is learning this the hard way. It has not been confirmed yet, but it appears that Target’s $100 million cyber liability policy could be worthless. If Target can prove there were no gaps in their security policy, they are in the clear, but early evidence shows this will most likely not be the case.
Target is also looking at roughly $2 billion in costs from their recent breach, which is exponentially larger than their policy would have covered. So not only was the ball dropped on the compliance end, but it appears not much attention was paid when putting the policy together.
Even scarier than the above fact, a recent study shows that 65% of public companies pass up cyber insurance. Of those companies, 63% of the decision makers see cyber risks as the most concerning. 71% of the companies in the survey have a security breach plan, but 57% of that figure do not include cyber liability insurance as part of the plan. How do they expect to pay for all of the fines and expenses? Out of pocket?
Cyber security threats and lost data at rest are legitimate concerns, so why aren’t the means to mitigate that risk? Why would you choose a vendor that cannot properly draw up a cyber liability policy to protect you? Or would you rather use vendors that help you maintain your company’s industry standards and compliance?
We provide onsite data containment and destruction services that protect your company’s data from leaving your facility once a device has been retired. Our process also ensures compliance with all major industry standards and is ISO 27001 ISMS certified.