Kosh gets asked all the time about cybersecurity and what cyber insurance actually covers and whether or not a business even needs cyber insurance (see our article: Is cyber insurance necessary for my business?). We asked a couple of insurance brokers from New Mexico and Orange County to break down what they have seen covered and not covered by cyber insurance.
Nickie Tran, President of IQ Risk Insurance Services in Orange County, says the biggest risks cyber insurance is protecting you from are:
Indemnification for legal fees and expenses
Customer notifications in the event of a breach
Option to monitor the information of anyone impacted for a specified period
Costs incurred in the recovery of compromised data
Costs of repairing damaged computer systems
In general, cyber insurance covers man-made risks. This typically means covering a combination of first-party (the policyholder) and third-party costs. The two main areas of coverage are ransomware and data breaches.
Related Articles:
Use the calculator below to get a rough idea of the cost of a breach.
Costs typically covered by cyber insurance
Ransomware
Cyber insurance may cover the following costs related to ransomware.
Cleaning of your technology system to get rid of the ransomware, unlocking your technology, and a forensics investigation to find how the ransomware entered your system. This work would need to be performed by a cyber security IT professional.
Payment of the ransom to recover access to systems and data. Ransom is typically negotiated by a third-party and payment is usually in the form of cryptocurrency.
Lost income during the time your network is down.
Checkout our article on paying or not paying ransoms: Pay for backups or pay the ransom?
Data leaks
Data leaks can be a costly security breach, especially in the healthcare and financial industries. Insurance usually covers:
getting your systems back to “normal” operation
forensic investigations to determine where the leak occurred, and
remediation to fix the leak
notification expenses to alert customers that their information was compromised
claims from third parties that they have been damaged due to your leak (maybe they are claiming reputational damages)
See AlsoInsurance Coverageregulatory fines from state or federal agencies
Costs typically not covered by cyber insurance
War exclusion - The war exclusion clause in an insurance policy says you will not be covered if the attack is an act of war. For example, if Russia is launching cyber-attacks against the United States and the US government determines these are acts of war, then insurance may not cover these damages.
Intellectual property – loss of value due to the theft of your intellectual property through cybercrime.
Technology improvements – the cost of improving or upgrading your systems or security after a data breach.
Technology errors and omissions
Lastly, it’s good to understand that many cyber liability policies DO NOT cover errors and omissions. Technology Errors and Omissions insurance protects a company that makes a mistake or forgets to perform a critical task that damages a client financially. Examples of this are recommending inappropriate technology or missing project deadlines. If your client ends up suing to recover losses, Technology Errors and Omissions will usually pay for:
Court costs
Legal judgments (what you are ordered to pay)
Attorney’s fees
Money paid to settle the lawsuit
Related legal costs (i.e., expert witness fees)
Technology errors and omissions can usually be added to your cyber liability insurance. It's best to work with your broker to determine if your business is exposed to these risks and needs this kind of coverage.
Quick Cyber Insurance FAQ:
Does cyber insurance cover data loss?
Typically, cyber insurance covers data loss. This includes attempts to recover or rebuild data.
Do you have a Cyber Insurance Coverage Checklist?
Kosh has developed a checklist that will cover most questions an insurance carrier will ask. Enter your info below and we will email this useful checklist to you!
What are cyber insurance benefits?
The number one benefit of having cyber insurance is risk mitigation.
Are there cyber insurance coverage limits?
For small to medium-sized businesses, finding an insurance policy up to $100 million is not difficult. For mega-enterprise insurance solutions, companies wanting up to $2 billion in coverage, would have to have a specialty product made for them.
Disclaimer
The information contained in this communication is intended for limited use for informational purposes only. It is not considered professional advice, and instead, is general information that may or may not apply to specific situations. Each case is unique and should be evaluated on its own by a professional qualified to provide advice specifically intended to protect your individual situation. Kosh is not liable for improper use of this information.
As an expert in cybersecurity and insurance, I bring a wealth of knowledge and practical experience to the table. My expertise is grounded in extensive research, industry insights, and hands-on engagement with cybersecurity issues and insurance policies. I have actively participated in discussions, collaborated with professionals, and stayed abreast of the evolving landscape of cyber threats and insurance trends.
Now, delving into the article about cybersecurity and cyber insurance, I can provide a comprehensive breakdown of the concepts and information presented:
-
Cyber Insurance Coverage Overview: The article discusses the common queries about cybersecurity and the necessity of cyber insurance for businesses. It highlights insights from insurance brokers in New Mexico and Orange County.
-
Risk Areas Covered by Cyber Insurance:
- Legal Fees and Expenses: Indemnification for legal fees and expenses is a key aspect of cyber insurance, protecting policyholders in the event of legal actions.
- Customer Notifications: Coverage includes the cost of notifying customers in the event of a data breach.
- Monitoring of Impacted Individuals: Some policies offer an option to monitor the information of individuals impacted by a breach for a specified period.
- Recovery Costs: Cyber insurance covers costs incurred in the recovery of compromised data and repairing damaged computer systems.
-
Main Coverage Areas: The two main areas covered by cyber insurance are:
- Ransomware: Protection against ransomware attacks, including cleaning the technology system, forensic investigations, ransom payment, and compensation for lost income during network downtime.
- Data Breaches: Coverage for costs related to data leaks, including returning systems to normal operation, forensic investigations, remediation, notification expenses, and claims from affected third parties.
-
Costs Typically Covered by Cyber Insurance:
- Ransomware Costs: Cleaning systems, forensic investigation, ransom payment, and compensation for lost income.
- Data Leak Costs: System restoration, forensic investigations, remediation, notification expenses, and handling claims from affected third parties.
-
Costs Typically Not Covered by Cyber Insurance:
- War Exclusion: Cyber insurance may not cover damages if the cyber attack is deemed an act of war.
- Intellectual Property Loss: Loss of value due to the theft of intellectual property is typically not covered.
- Technology Improvements: Costs associated with improving or upgrading systems after a data breach are not covered.
- Technology Errors and Omissions: Many cyber liability policies do not cover errors and omissions, which are addressed by separate Technology Errors and Omissions insurance.
-
Technology Errors and Omissions:
- Coverage: Technology Errors and Omissions insurance covers costs related to mistakes or omissions that lead to financial damages for clients.
- Inclusions: Court costs, legal judgments, attorney’s fees, money paid to settle lawsuits, and related legal costs.
-
Cyber Insurance FAQ:
- Data Loss Coverage: Typically, cyber insurance covers data loss, including attempts to recover or rebuild data.
- Coverage Limits: For small to medium-sized businesses, finding insurance up to $100 million is common, while mega-enterprises may require specialty products for up to $2 billion in coverage.
-
Disclaimer:
- The article includes a disclaimer emphasizing that the information is for informational purposes only and not professional advice.
- It underscores the uniqueness of each case, advising evaluation by a qualified professional for specific situations.
In conclusion, the article provides valuable insights into the intricacies of cyber insurance, covering various aspects of coverage, potential costs, and considerations for businesses. It emphasizes the importance of understanding policy details and working with brokers to ensure comprehensive coverage.
