What type of activities make your business vulnerable to data breaks and cyber-attacks? What That means virtually everybody. That means virtually everybody. coverage may you normally find in a cyber liability policy? cyber liability coverage is incrementally important.
Do you do one or more of the following:
• Communicate with customers via email, text messages or social media
• Send or receive documents electronically
• Advertise your company via electronic media, such as a website or social media
• Store your company & # 39; s data on a computer network. Examples of company data are sales projections, accounting records, tax documents, and trade secrets.
Birth dates and social security numbers, and other sensitive information.
• Sell products or services through a company website
Additionally, you could incur large out-of-pocket expenses to repair or restore lost or damaged data.
Such lawsuits are not covered by a standard commercial generalization of liability (CGL) policy.
Secondly, most CGL policies contain exclusive eliminate coverage for claims based on damage based on damage by a CGL policy. the loss, damage or corruption of data or the inability to use it. "
Perhaps, you are the bookkeeper. As a result of the virus, your client is not possible to access records required for a The suits you for the damage to his data. The suit will not be covered by your CGL policy. Property damage was not at issue.
While these policies have been used for the market for almost 20 years, there is still not a common form or policy language among the forms used by the dozens of insurers who now offer cyber liability policies. Recently, one expert in the area a brave brokers who sell cyber liability a grade of C-. If those experts have a C- knowledge of the policy coverages, can you imagine what grade he would give the risk managers and business owners who buy such coverage?
The claim of a data breach or other any cyber related libel or slander, invasion of privacy, or infringement of copyright and other intellectual property rights must occur during the policy period.
Now, many cyber policies also cover various first-party expenses, which are your own damages from a cyber incident. Here are examples of the coverage that are often included (or available):
This coverage differences from business income and extra expense that are incursive expenses you incur a totally or partial shutdown of your computer system of a cyber-attack, virus or other insured peril. available under a commercial property policy.
• Loss of Data covers the cost of restoring or reconstructing your data that was lost or damaged due to a virus, hacker attack or other covered cause.
• Often as part of these notifications, fines and penalties are imposed. • Associated Costs covers costs are incurred. Such faces and penalties can be expensive and there is discussion among carriers as to the rationality for them as they are intended as as punishment or a deterrence to others. health information, identity monitoring is more important to those who may have had their health records than is credit monitoring.
• Cyber Extortion covers the costs associated with a cyber ransom threat. For example, a cyber-criminal threats to exploit a security flaw in your computer system or shut down your system with a denial of service attack unless you pay him or her a sum of money. Normally, they demand payment in bitcoins or cyber currency.
Some insurers offer a range of coverage on an "a la carte" basis. This enables insurance buyers to select the coverage that they need the most However, this can confuse the unsophisticated buyer or broker who may not select the right coverage.
However, the application is likely to be able to ask detailed questions about your firm & # 39; s computer system and how it is secured. place by prospective insures, those are occurring less and less frequently. Insurers normally inquire about the following:
• Firewall Does your system have a firewall?
• Virus Scans Do you scan email, downloaded content or portable devices for viruses?
• Responsible person Who is responsible for network security?
• Security Policy Do you have written security policy?
• Protection Software Is your system protected by anti-virus software? Do you use intrusion detection software?
• Remote Access Do employees, customers or others access your system remotely? If so, what system is in place to authenticate users?
• Sensitive Data What types of sensitive data (social security numbers, credit card information etc.) do you store on your computer system? Is the data encrypted?
• Access Do you control access to sensitive data?
• Data Controls Testing Do you periodically test your data control measures?
• Data Backup and Storage Do you back up your data daily? Where are the backups located?
By Keith Daniels
