Cyber insurance is a specific product that addresses the needs of businesses and individuals who use the internet, specifically businesses who store customer data online. Data breaches are becoming the norm, rather then the exception, and this coverage is a specialty product designed to protect these businesses from the risks that are associated with storing customer information.

This insurance product is an essential item just in case those unexpected - or even anticipated - events occur. While many companies forgo the necessary coverage, citing the additional cost of even more insurance, the costs from not having cybersecurity insurance are high.

Traditional business liability insurance and property insurance policies are written to exclude cyber risks from their terms, leading to the emergence of cyber insurance as a “standalone” product. To understand cybersecurity insruance, you must first understand the types of insurance offered, so when you do go to add this type of insurance to your coverage, you know what type of coverage to get.

The Key Types of Cyber Insurance Offered

The classification of cyber insurance packages can take on many different forms and categorizations based on a range of criteria. For example, it can be classified by coverage, locality, or even risk. Generally speaking, these are the key types that are available for businesses and individuals.

First-Party:

This includes all the people that are directly involved in the incident. Typically, it will cover the victim for a range of issues including the following:

  • Data Destruction
  • Extortion
  • Online Theft
  • Hacking Activities
  • Deliberate and Accidental Denial of Service

Liability Coverage:

This is a package for situations that are caused by others. Some of the areas that might be taken into consideration include the following:

  • Errors of Commission
  • Errors of Omission
  • Data Breaches
  • Data Theft or Business Secrets
  • Defamation and Related Negative Publicity

General Benefits:

This package covers a host of other potential benefits that are associated with being in possession of full and valid cyber insurance. These benefits include the following:

  • Structured and Planned Security Audits
  • Post Incident Management
  • Public Relations Initiatives
  • Major Investigations and Reports
  • Criminal Reward Funds

In other words, cyber insurance covers one of the following: risks to the person or business, liability for claims, and the consequences of those claims. The best form of cyber insurance is one that is comprehensive and operational in all circumstances.

A Risky and Unpredictable Working Environment

Regardless of all the precautions that are taken by any business that uses the internet, there are bound to be breaches. A case in point is the threat from viruses and other forms of cyberattacks. The system works on the basis of regular updates to the protective mechanisms following an attack. Before the threat is fully understood, all the computers that are accessing the internet at the time are vulnerable. In fact, this is one of the main reasons why it is nearly impossible to completely eliminate virus attacks.

Those companies that purchase some form of cyber insurance are not in bad company at all. For example, research has shown that at least a third of companies who operate on the internet have implemented a cyber policy that include elements of insurance. The insurance companies have responded in kind with many offering the new service. Experts still argue that there is a lot more that needs to be done in order to keep companies safe from the risks of using the internet. Some insurers may be offering the same service but under a slightly different label. Regardless, the goal is to be able to use the internet without the fear of an attack.

Offers and Packages

Depending on need and affordability, it is possible to negotiate a very flexible cyber insurance package. For example, some insurers are able to offer both first and third-party coverage. The first-party is very useful if there is a loss of property or income as a result of a listed incident. The listed incident is that eventuality that has been insured against. This is a very important consideration for buyers, and you need to read the fine print carefully. There are very specific circumstances in which the insurance will be rendered unenforceable even if your have been keeping up with the payments. One of the critical assessment processes is the exclusion criteria by incident.

Third-party coverage tends to focus on the obligations of the insured person to compensate those that are affected by others’ actions or omissions. The other parties may include the government, clients, suppliers, and even competitors within the sector. Normally, these are settled between and among insurers rather than getting the individual parties involved. The only time that the insured person will incur a cost is through the deductible and when they come to renew their package. The insurer is likely to increase the premium for those that have filed claims because they demonstrate a higher risk than those that have never had a claim.

Categories of First-Party Cyber Insurance Coverage

In this case, the insurance package is designed to pay the policy owner for the costs, damages, and inconvenience that they incur as a result of the listed incident. There are many configurations of coverage for this type of insurance, and they broadly reflect consumer needs, preferences, and tastes. Here are the common ones:

  • a

    Fraud and Theft:

    Such a policy can be used to pay for costs that arise out of the destruction or loss of data due to a theft, fraud, or related criminal matter. They may also be used to cover the risks that are inherent in funds transfer and other crimes of dishonesty.

  • b

    Forensic Work:

    Such a policy may be used in order to meet some of the costs of a forensic investigation. They will pay for whatever technical and legal services are required in order to meet the standards of the presiding court. These costs may be prospective in so far as they prevent an attack. They are concurrent if they happen during an attack. They can even be retrospective if they happen after the attack.

  • c

    Business Interruptions:

    Under this type of policy, the costs of business interruption following an incident are covered to a great extent. These may include loss of income as well as any other subsequent costs. The key qualifying criterion is that the policyholder is unable to conduct normal business due to the cyberattack.

  • d

    Cover for Extortion and Blackmail:

    Some of the most modern avenues for cyber crime involve holding the policyowner to a ransom under blackmail. In order to save the company or website from further damage, the policyholder may opt to pay out the ransom. At other times, the payment of the ransom assists in the gathering of evidence about the perpetrators.

  • e

    Loss of Data and Restorative Work:

    A policy may be obtained for purposes of covering the eventuality of data loss as well as the restorative work that is required in order to bring things back to parity. The costs that could be paid include those of repairing or replacing a damaged computer as a consequence. The policy may also cover other assets that are related to the incidents. These may include hardware and software as well as data and information.

Given the range of personal circumstances and incidents, service providers will sometimes discriminate against certain requests. That is why some policies are much easier to find than others. For example, a cyber insurance provider may be reluctant to be held responsible for the additional financial costs of the incident including loss of income. This is particularly true in cases where there is an imminent threat.

Categories of Third-Party Cyber Insurance Coverage

There are certain distinctions between the various service packages that are available with third-party cyber insurance coverage. Some of the options that are included in the provision are as follows:

  • 1

    Litigation Coverage:

    This is a service package that focuses on the costs of meeting obligations that arise out of court judgments, lawsuits, penalties, and fines that are imposed in relation to a specifically listed incident.

  • 2

    Regulatory Coverage:

    This type of product will be crucial in helping to pay for all the forensic and technical services that are mandatory when responding to a government request or order. This may come about after a cyberattack where the government wants to understand the causes better or prevent the incident from happening again. The policy may also pay if the insured entity is fined as a consequence of the inquiry.

  • 3

    Communications and Notifications:

    This is the type of policy that will cover all the costs that are associated with notifying relevant stakeholders about the incident and the procedures for dealing with the incident. The stakeholders may include employees, clients, and even the wider community.

  • 4

    Crisis Measures and Emergencies:

    The coverage that is envisaged under this product is that which comes into play when there is any sort of emergency or unexpected event that requires an extraordinary response. The cyber insurance policy will cover all the additional costs that have to be expended in order to overcome the crisis. This may include putting out warning signs to members of the public after the incident.

  • 5

    Credit Monitoring and Review:

    This is a policy that will compensate the owner of the policy if they have to engage in credit monitoring and review as well as anti-fraud measures when an incident occurs. They can also claim for offering any services over and above the norm due to the cyber-event.

  • 6

    Liability for Media Issues:

    This is a package that will cover the expenses that are related to media overtures following an incident. The same category may also be used if there is a copyright pending and an infringement happens or an online publication leads to serious insurance costs that must be met in order to avoid further liabilities

  • 7

    Liability for Breach of Privacy and Confidence:

    This is a policy option that covers liability that might arise if there has been a breach of customer confidentiality following the incident. A case in point is hackers getting into private bank accounts or publishing the details online.

Given the range of personal circumstances and incidents, service providers will sometimes discriminate against certain requests. That is why some policies are much easier to find than others. For example, a cyber insurance provider may be reluctant to be held responsible for the additional financial costs of the incident including loss of income. This is particularly true in cases where there is an imminent threat.

Relative Costs and Premiums of Cyber Insurance

Each provider will come up with a premium that is sufficiently high to cover their obligation. It will also provide them with an incentive to insure in the form of profit. Existing research shows that these packages can cost as little as $10,000 and as much as $1,000,000 per policy depending on the circumstances and the reasons for the application.

The lack of knowledge and competence in this niche means that there is limited premium homogeneity. The variances can be as much as 25 percent in a selected sample of cyber insurance packages. That is why it is imperative to research and bargain in order to get the best possible premium at the lowest possible price.

Meanwhile, cyber insurance is gaining popularity. Marsh recently reported that coverage was increased across the United States by up to 30 percent. The biggest clients come from the service and professional sectors, which need this type of cover in the wake of a cyber crime explosion. The liability purchased can range anywhere from $1,000,000 to $5,000,000. The maximum that most insurers will allow is about $20 million.

Nevertheless, that does not prevent the buyer from stacking up their insurance packages right up to over $300 million. This is an industry that is gaining credibility, customer share, and coverage precisely because there is a need and a willing market for it.

Sources:

  • https://obamawhitehouse.archives.gov/the-press-office/2015/02/13/fact-sheet-white-house-summit-cybersecurity-and-consumer-protection

  • http://infosecon.net/workshop/slides/weis_5_1.pdf

  • http://doas.ga.gov/risk-management/announcements/Announcements/New-Cyber-Insurance-Coverage

  • https://www.cfr.org/blog/new-cyber-brief-creating-federally-sponsored-cyber-insurance-program