Cybersecurity Insurance: What It Covers, Who Needs It

Cyber insurance can protect your business in case of a hack. You may be able to add it onto a business owner’s policy.

Nerdy takeaways

  • You should have cybersecurity insurance if you handle customer data or store information about your business online.
  • Cybersecurity insurance can cover the cost of notifying your customers about a breach, legal defense and more.
  • Data breach insurance and cyber liability insurance are types of cybersecurity insurance.
  • You may be able to add some cyber coverage to your business owner’s policy.

Cybersecurity insurance protects businesses against financial losses caused by incidents like data breaches and theft, system hacking, ransomware extortion payments and more. If your small business stores sensitive information online or on a computer, you should carry at least some cyber insurance coverage. 

Some insurers offer cyber insurance as an add-on to a business owner’s policy, but you can also purchase this coverage separately. Here’s what cybersecurity insurance covers and where you can buy a policy.

What are the types of cybersecurity coverage?

Cybersecurity insurance generally comes as either first-party or liability coverage; these policies protect companies in different circumstances. If you’re a technology business, you’ll want to consider adding the different, but related, technology errors and omissions coverage, as well.

First-party coverage

First-party cybersecurity insurance covers the costs of things like: 

  • Investigation of the incident.
  • Risk assessment of future cyber incidents.
  • Lost revenue due to business interruption.
  • Ransomware attack payments based on coverage limits.
  • Notifying customers about the cyber incident and providing them with anti-fraud services such as credit monitoring.

The most common first-party cybersecurity coverage is data breach insurance.

Third-party or cyber liability coverage

Cyber liability coverage can protect your business if a third party sues you for damages as a result of a cybersecurity incident.

Cyber liability coverage generally pays for:

  • Attorney and court fees associated with legal proceedings.
  • Settlements and court judgments.
  • Regulatory fines for noncompliance.

General liability insurance excludes coverage for data-breach-related liability claims, so if your business stores customer data, you’ll want to consider a separate cyber liability insurance policy. 

Technology errors and omissions

A technology errors and omissions, or E&O, policy kicks in if a cybersecurity incident occurs in a customer’s business because of an error on your part. You should consider buying this coverage if your business manufactures a technology product or provides technology services. 

For example, if a customer’s financial data is stolen from your computer, first-party or liability insurance would provide coverage. However, if you write an accounting software program that has an error in the code and the customer’s data is stolen directly from their computer as a result, you’re now in tech E&O territory.

Technology E&O pays for items similar to that of cybersecurity liability insurance, such as legal fees, court costs, and judgments or settlements but only in covered circumstances relating to products or services. 

Which businesses need cybersecurity insurance?

Almost any business — no matter its size — can be at risk for cybercrime. But cybersecurity insurance is especially important for:

  • Businesses that store important data online or on computers. If your business stores important data, such as phone numbers, credit card numbers or Social Security numbers — either online or on a computer — you are at risk of a cyberattack. You should consider data breach insurance. If you store sensitive customer data, consider cyber liability coverage, too. 
  • Businesses with large customer bases. Insurance can help cover certain regulatory fines these businesses might be subject to following a data breach. Notifying customers of data breaches is often required by state law, and first-party policies can cover this cost, which can be significant for companies with large consumer bases.
  • Businesses with high revenue or valuable digital assets. The costs associated with cyber incidents can be difficult to predict, and larger companies are likely to have more valuable data, which could come with a more expensive ransom. 

If you are unsure whether you need cybersecurity insurance, consider speaking to a business insurance agent near you to assess your risk level and potential premiums to determine if it’s the right investment for your company.

What does cybersecurity insurance exclude?

Cybersecurity insurance does not pay for the following: 

  • Property damage. Cybersecurity insurance generally doesn’t pay for any property damage stemming from a data breach or cyberattack, such as hardware that was fried during the cyber incident. These sorts of claims are usually covered by commercial property insurance.
  • Intellectual property. During a cyber incident, intellectual property losses and any lost income associated with it are commonly excluded from cybersecurity insurance coverage. 
  • Crimes or self-inflicted cyber incidents. Virtually no cybersecurity policy is going to cover a business that is charged with committing a crime related to or causing a cyber incident. Commercial crime insurance generally covers theft by employees, though.
  • Costs for proactive preventive measures. Protective measures to avoid a future cyberattack, like training employees on cybersecurity and setting up a virtual private network, probably won’t be covered by a cyber insurance policy. 

How do I get cybersecurity insurance?

You can purchase cybersecurity insurance through most business insurance providers. 

Many business insurance companies offer cybersecurity or data breach insurance as an add-on to their business owner’s policies, though this may not be enough coverage for businesses with more complex needs. 

To get a sense of how much cybersecurity insurance is likely to cost for your business, get multiple business insurance quotes. You can do this in a few minutes from online business insurance companies or work with a business insurance agent, who can help you compare quotes and find the best coverage at the best price.

To read the full article, click here.