Technology is the driving force behind industry and growth for all businesses, but its advantages come with risks. Downed computer systems and lost data can have significant financial impacts. Security breaches, viruses, and information theft by computer hackers also pose a serious problem. Thousands of cyberattacks occur in the US every day, and no business is immune from this threat. Any organization that uses computers, smartphones, or digital storage devices is susceptible to cyber loss and cyber-attacks.
Businesses must maintain and protect private and proprietary information. Prudent businesses purchase private internet servers, maintain vigilant tech teams, educate their employees on best tech practices, and obtain cyber risk insurance to mitigate risk.
When purchasing cyber insurance coverage, seeking advice from an attorney can be extremely beneficial. An attorney can help your company be proactive in evaluating cyber exposures and advise on the proper coverage to protect the business. Attorneys can assist with coverage assessment by identifying coverage enhancements and gaps across existing insurance policies and by making recommendations as to additional insurance protection. After a cyber-related loss, a coverage attorney can evaluate the coverage in place, help file a claim to the insurance company, and maximize insurance recovery by properly analyzing and presenting the loss.
This post will discuss how cyber security insurance works and how a cyber risk attorney can help you secure your business.
- What is Cyber Liability Insurance?
Types of Losses that are Possible?
- First-Party Losses
- Third-Party Losses
- Costs of Cyber Losses
Traditionally the various types of conventional insurance policies available in the marketplace covered specific aspects of cyber risk, including general liability policies, commercial property policies, and crime policies. However, many of these traditional programs now commonly contain exclusions for cyber loss, requiring endorsements to bring the coverage back or requiring stand-alone cyber risk coverage procurement. An experienced insurance coverage attorney can assist with evaluating the existing coverage a business may have to address cyber loss and recommend additional coverage that should be considered. Working with an experienced insurance broker is also recommended, as a broker can best advise on the products available in the marketplace and the related cost. After a cyber loss, a coverage attorney can help the policyholder evaluate and enforce their cyber insurance coverage to maximize recovery.
First-party losses are those losses directly sustained by the insured. Examples of first-party cyber losses include damage or destruction of software, hardware, or electronically stored information caused by human error, system glitches, phishing, malware, ransomware, hacking, fraud, data corruption, etc. The cost to the business of replacing the lost data, recovering stolen property, and repairing the corrupted system is considered a first-party loss. These damages often extend beyond the loss of damaged, destroyed, or lost property. For example, businesses typically suffer public image problems and face significant costs to repair and restore the business’s reputation. Business interruption costs and loss of business are also common.
Third-party losses are those that expose the policyholder to liability claims and lawsuits from third parties (i.e., outside entities). For example, a third-party cyber loss occurs when a company is hacked and its clients’ information is stolen, and the clients seek recourse against that company. Third-party risks also include the loss of another’s electronic data, software, hardware, and the resulting loss of use. They can also include intellectual property claims, copyright, patent infringement, as well as breach of contract or negligence claims. These types of cyber-related claims are often highly complex and time-consuming.
Cost of Cyber Risk Losses
Cyber losses, including data breaches, can be costly. The Ponemon Institute, the pre-eminent research center sponsored by IBM security that is dedicated to privacy, data protection, and information security, independently conducts studies and produces an annual report providing a global overview of the costs of a data breach. In the most recent study from 2020, The Ponemon Institute surveyed 524 companies across 17 different countries; 63 of these companies were located in the United States. Based on this sampling, the consolidated average total cost of a data breach in 2020 was $3.86 million. Since 2014, the cost of a data breach has increased by 10%. Moreover, no industry appears to be immune. Cyber loss and cyber-attacks can affect almost any type of business that utilizes computers, including, notably, healthcare, finance, industrial/manufacturing, entertainment, and education.
The Ponemon Institute found that the single largest contributing cost factor is lost business due to a data breach. Lost business accounts for nearly 40% of the average total cost of a data breach. These lost business costs include increased customer turnover, lost revenue due to system downtime, and the increased cost of acquiring new business due to a diminished reputation. Further, the COVID-19 pandemic has magnified cyber risk exposure. In response to health and safety directives, a significant portion of the workforce began working from home in some capacity. This has created a variety of new concerns for businesses related to cyber security, the most pressing of which is the increased time it takes to identify and contain a breach and the added exposure pertaining to security issues with employees’ computers.
Small businesses are particularly vulnerable, as they are typically unable to weather the cost of a data breach response without insurance coverage. According to the National Cyber Security Alliance, a non-profit organization that promotes cybersecurity and privacy education and awareness to the public, 60% of small businesses hit by a cyberattack close within six months of the breach. Having cyber risk insurance can mitigate that risk and hiring an attorney can help with selecting the correct insurance and navigating a cyber risk claim.
Cyber security claims can be extremely detrimental, sometimes fatal to the success and longevity of any business. To protect against this risk, it is beneficial to consult with a coverage attorney who understands cyber risk. The attorney can assist in coordinating the placement of these policies to avoid any coverage gaps before the loss and maximize coverage after a loss occurs. Due to the complexity of cyber risk claims and the potential deleterious impact on business, an expert attorney can help businesses be proactive in arranging appropriate insurance coverage and critical in optimizing outcomes if a cyber risk claim is filed.
For more information, contact Nora E. Gray at NGray@sdvlaw.com.
Cyber Risk Insurance Policies: What You Need to Know
Law firms and cyber insurance: Under-educated and overexposed | PropertyCasualty360
What Is Cyber Liability Insurance, and Do You Need It? (fundera.com)
60% of small companies that suffer a cyber attack are out of business within six months. – The Denver Post
Cutting-Edge Insurance Coverage for Privacy and Network Security Concerns (americanbar.org)
SEC.gov | The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Midsize Businesses
Cost of a Data Breach Report, IBM Security Report 2020