Cyber insurance is designed to insulate policyholders from financial consequences resulting from cyber incidents. Those incidents include everything from a large-scale data breach to an accidental denial of services.
These types of incidents are becoming more common. Even worse, they are becoming more consequential. In just the first six months of 2017 more than 1.9 billion data records were exposed in 918 separate breaches. Considering that the average cost of each record exposed is $225, the total financial impact of cyber crime is astounding.
It is incumbent on all companies to understand the scope of the threat and to put the appropriate protections in place. But companies must acknowledge that even best in class protections have proven inadequate, and some sort of cyber incident is likely.
Cyber insurance is an important piece of the defense strategy because it ensures that incidents are annoying rather than catastrophic. It does that, in part, by covering the cost of lawsuits, but there are important exemptions and exceptions to be aware of. Read on to learn about enhancing your coverage and defending your business.
Are lawsuits included in coverage?
Whether lawsuits are included in coverage or not depends on the policy. Some do not include coverage for lawsuits while others restrict the type of lawsuits they cover or the coverage limits they offer. Cyber crime and the cyber insurance that covers it are both evolving rapidly. Furthermore, the details of every incident and the fallout that results are all a little different. So while cyber insurance may provide coverage for broad types of liability and lawsuits, the details have a big impact on the final payout. It's essential for anyone considering cyber coverage to study exactly when, where, why, and how coverage applies to lawsuits.
Does coverage include all lawsuit costs?
This is another area that requires careful consideration. Some policies will only cover the cost of defending a lawsuit while others cover the damages (within limits) as well. If only the defense is covered and you lose the lawsuit, the damages could be a much harder financial hit. It's also important to consider whether a policy stipulates that specific lawyers/firms be used to handle the defense. If a company already has preferred counsel it could be a point of friction.
Examining a data breach lawsuit
In order to fully understand the cost/benefit of cyber insurance that covers lawsuits, it helps to look at a real-life example. When the retail giant Target exposed the credit card data of 70 million shoppers during the 2013 holiday shopping season it was one of the worst data breaches in history. Four years later, Target settled lawsuits filed by 47 states and the District of Columbia for a total of $18.5 million. Having to pay even a fraction of that settlement would sink many businesses. And to underscore the point, the data breach cost Target $252 million in total including lawsuits and other costs.
Target had been proactive about getting cyber coverage, and before the breach it had around $100 million in coverage. By the time everything was paid out, however, cyber insurance only covered 36 percent of the total cost. This highlights how important it is to consider the details of coverage and the boundaries of the coverage limits in the wake of a major cyber incident.
Do you need cyber coverage for lawsuits?
The previous example may leave you thinking that cyber insurance is an unnecessary expense considering that Target still had to pay a lot out of pocket. But consider what Target would have had to pay extra if cyber insurance was not in place - $90 million.
Cybersecurity is an issue that is on everyone's mind right now. Every few months bring another large-scale data breach, and in between hackers launch many smaller and more sophisticated attacks. At this point most people have had their private information exposed multiple times over. And they have less and less patience for the companies that put data at risk.
The size of class-action settlements is rising along with the frequency. They are coming from affected consumers along with third parties, government regulators, and other stakeholders who are impacted following a wide-reaching cyber incident. Defending against dozens of different lawsuits is expensive, and settling those lawsuits is disastrous.
Forward-thinking companies understand the size of this threat and are taking proactive measures to safeguard themselves. Cyber insurance is an essential component, but having the right cyber insurance is even more important. Once companies have coverage in place they are insulated from the kinds of incidents that are impossible to recover from. Cyber coverage for lawsuits should be considered essential.
As you search for options that provide the coverage, simplicity, and service you're looking for, rely on the resources of this website to make comparison-shopping easy.
Sources:
https://www.cnbc.com/2017/09/20/cyberattacks-are-surging-and-more-data-records-are-stolen.html
https://thejournal.com/articles/2017/07/18/average-cost-per-record-of-us-data-breach-in-ed-245.aspx
http://fortune.com/2017/05/23/target-settlement-data-breach-lawsuits
https://itsecuritycentral.teramind.co/2017/12/26/data-breach-cost-rise-in-law-settlements