What is cyber insurance?
Cyber insurance is a special insurance policy that covers your business’ losses and liability for intrusions into your business’s computers, computer networks, software, payment processing, and other information technology (cyber events). Cyber events that may be covered by cyber insurance include data breaches, malware, ransomware, viruses, spyware, wire transfer fraud, phishing, denial-of-service (DoS) attacks, Trojans, adware, botnets, man-in-the-middle attacks, credit card web skimming, and others.
In addition to breaching a business’s own valuable information and processes, a data breach may target a business’s sensitive customer information, such as credit card numbers, account numbers, telephone numbers, mailing addresses, passwords, driver’s license numbers, Social Security numbers, health records, and other personally identifiable information (PII).
Recovering From a Cyber Attack Can be Costly
Cyber insurance is one option that can help protect your business against losses resulting from a cyber attack. If you’re thinking about cyber insurance, discuss with your insurance broker or agent what policy would best fit your company’s needs, including whether you should go with first-party coverage, third-party coverage, or both. Here are some general tips to consider.
What should your cyber insurance policy cover?
Make sure your policy includes coverage for:
• Data breaches (like incidents involving theft of personal information)
• Cyber attacks on your data held by vendors and other third parties
• Cyber attacks (like breaches of your network)
• Cyber attacks that occur anywhere in the world (not only in the United States)
• Terrorist acts
Also, consider whether your cyber insurance provider will:
• Defend you in a lawsuit or regulatory investigation (look for “duty to defend” wording)
• Provide coverage in excess of any other applicable insurance you have
• Offer a breach hotline that’s available every day of the year at all times
What is first-party coverage and what should you look for?
First-party cyber coverage protects your data, including employee and customer information. This coverage typically includes your business’s costs related to:
• Legal counsel to determine your notification and regulatory obligations
• Recovery and replacement of lost or stolen data
• Customer notification and call center services
• Lost income due to business interruption
• Crisis management and public relations
• Cyber extortion (ransomware) and fraud
• Forensic services to investigate the breach
• Fees, fines, and penalties related to the cyber incident
What is third-party coverage and what should you look for?
Third-party cyber coverage generally protects you from liability if a third party brings claims against you. This coverage typically includes:
• Payments to consumers affected by the breach
• Claims and settlement expenses relating to disputes or lawsuits
• Losses related to defamation and copyright or trademark infringement
• Costs for litigation and responding to regulatory inquiries
• Other settlements, damages, and judgments
• Accounting costs
Cyber insurance in Texas is designed to mitigate the financial risks associated with cyber events such as data breaches, malware, ransomware, and other IT security issues. It can cover both first-party and third-party liabilities. First-party coverage typically includes costs for legal counsel, data recovery, customer notification, business interruption, crisis management, cyber extortion, and forensic services. Third-party coverage generally includes liability protection for claims made by others affected by a cyber event, covering consumer payments, legal disputes, intellectual property infringement, regulatory response costs, and related legal expenses. Texas businesses considering cyber insurance should consult with an insurance broker or attorney to determine the appropriate coverage for their specific needs, ensuring it includes defense in legal actions, worldwide coverage, and coverage in excess of other insurance policies. Additionally, businesses should look for policies that offer a breach hotline and consider the extent of coverage for fees, fines, and penalties associated with cyber incidents.