Member Login

Essential Coverages in a Cyber Liability Insurance Policy


Essential Coverages in a Cyber Liability Insurance Policy

Published Tuesday, October 10, 2017
by Diane Hipp


So you’ve heard the many news stories about cyber breaches and have decided that your business needs to investigate a cyber liability insurance policy.  What are the key coverages to look for when purchasing a policy?


Look at your policy.

Be sure that your policy includes the following:

  • First Party (defined as “ransomware”) coverage and Third Party (defined as “protection of data”) coverage provisions.
  • A Cyber Extortion Endorsement. This picks up the kidnap & ransom of your system.
  • Business Interruption. This provides coverage for the costs of the cyber crime interrupting your business operations.
  • Digital Asset coverage. Since the items stolen are not tangible, your property policy will not pick them up. This endorsement picks up the coverage.
  • Service Component. This is all of the services that need to be provided for notification when a cyber event happens.  This is the most expensive portion of a cyber claim and it is hard to determine what the actual claim will be.  Keep in mind… it is generally $100 an hour for a period of 3-4 days to determine what went wrong.  On top of that is the cost for notification to breached individuals ($41 to $221 range depending on type).  Then add on the “soft costs” for reputational damage, which is unmeasurable.
  • Access to a Hot Line that will recommend qualified consultants to assist with all aspects of the claim. Otherwise, you are on your own and the expenses can be substantial.
  • Duty To Defend provisions.
  • Regulatory Compliance coverage.
  • PCI (Payment Card Industries) coverage

We like the following carriers’ products:  Travelers, Chubb, Hanover, and Hartford.



Always the question: How much will this insurance cost?  Pricing ranges from $1,000 to $10,000 for mid-sized companies that carry a limit of $1,000,000.  Want more information?  Click here.


Why Should I Care about Cyber Crimes?

When it comes to cyber crimes,  it is not if you will have a cyber crime event, but when you will have a cyber crime event.

  • Per FBI statistics, there were 1000 cyber crimes a day in 2015 and in 2016 it increased to 4000 cyber crimes a day. An overall increase of 400%.
  • Note this as well… 60% of the small companies that have a cyber breach are out of business within 6 months.
  • Cyber crimes were originally prevalent in the Health Care industry but now the events are hitting all industry segments including manufacturing, retail, wholesale etc.

Following are the types of common claims by percentage in the Cyber Liability space that illustrate the claims noted in the marketplace:

How do they do it?

Cyber criminals are generally encrytping files in your system once they get inside and force you to pay a “ransom” from the malware virus that will seek out certain types of files in the database such as Word or Excel files.  The ransom that you pay for the release of the data is generally minimal compared to the cost to hire other people to get you out of the situation.  

Generally, a cyber criminal will use a Bitcoin dealer online and purchase a package that they use to get into your files.  They then ask for ransom in bitcoins.  The problem is that you do not know if the criminal is a terrorist organization.  If so, you now have issues with the State Security Department to consider.  Many cyber criminals are internationally based.

Ransoms are now growing higher and higher in value as the cyber criminals get better at what they do.  The amount of criminals caught in this space is limited and rare.  The event is usually developed and completed within 48 hours, and money is transacted and gone.  The “mules” that pick up the monies will get caught on occasion, but the rapid pace of the event leads to tough sting operations at the banks.

Every state has separate guidelines for what to do when a breach happens.  You have to comply with each state requirement or face penalties.  This is a moving target and very hard to determine.

The cost of a breach is huge if a lawsuit develops.  Consider this: Target had one of the largest breaches a few years ago.  They settled with their customers for $10,000,000, or roughly 15 cents per breached customer.  That is nothing, but Target spent $290 million on other costs to get to that point.  Then on top of that, their PCI vendors (Payment Card Industries) such as Visa and MasterCard added another $200 million of cost to the lawsuit.    


But my data’s in the Cloud…

Even if you have your data stored in a “cloud” environment, your company still has a responsibility to make sure that your data is protected.  You cannot rely on the cloud service company to take on your legal responsibility.

Plus, consider this: a “cloud-based” storage company can only carry so much insurance.  If the cloud company gets breached, and they have 100 customers in their cloud, you are severely reducing your collectible limit because it is shared with everyone.


Now what?

Protecting your data is Priority #1.  Buying Cyber Liability Insurance is Priority #2.  Check out our article on Phishing Schemes to help prevent your system from a cyber crime.  Even with all of the protection in the world, buying Cyber Liability Insurance is a prudent and responsible purchase to protect your data, your clients, and your business.  Click here to learn more


Analytic Solutions

Itís about more than just business insurance.

  • Would you like to save time?
  • Reduce costs?
  • Comply with regulations?
  • Improve uniformity and oversight?

Learn More >