Insurance Blog | Wadsworth | The O'Neill Group

Picture of Pat O'Neill
Apr 10, 2018

Does Your Ohio Company Need Cyber Liability Insurance?

Still pondering whether or not your business needs cyber liability insurance?

So are majority of businesses just like yours.

It’s estimated that only 1 in 3 organizations are equipped with cyber liability insurance.

And here’s why…

We’ve talked with hundreds of organizations just like yours about the cyber risks they face, and have compiled a list of the top 10 myths and misconceptions of cyber risk and cyber liability insurance.

  1. A data breach won’t happen to our business. This is the most common response we get. The truth is that any business, regardless of your size, is vulnerable to a cyber attack. In fact, according to the Internet Security Threat Report by Symantec Corporation, small businesses are often a leading target of spear-phishing attacks.
  2. Our business is already covered by our existing insurance. Unless you have a stand-alone policy that explicitly references your business’s cyber exposures, chances are you aren’t covered. While you may think your general liability policy is sufficient to recoup the losses caused by a cyber attack, it generally isn’t flexible enough to address new and emerging cyber perils. And with costs averaging in the hundreds of thousands of dollars per cyber security event, you’ll want a policy that can protect against anything that cyber criminals throw your way.
  3. Our business uses vendors for all of our IT services. Regardless of whether or not you outsource your IT services, the company that initially collects data and records from clients can be held responsible if a data breach occurs. This means that, even if you use third-party vendors, the legal burden of a breach will fall on you. What’s more, depending on the type of contract you have with your vendors, your legal recourse may be limited.
  4. Our business has top-notch cyber security defenses in place. When it comes to ever-evolving cyber security threats, there is no perfect solution. Even government bodies that have the latest and greatest protections are not immune to devastating cyber attacks. When these attacks occur, you will want to have a cyber liability policy in place. This will ensure that your finances remain intact following a breach, giving you some much-needed peace of mind.
  5. The financial cost of a cyber incident would not be significant. Even the smallest cyber attacks can be costly to your business. The average cost of a breach is about $158 per stolen record and, for small and medium-sized enterprises, a cyber security event can cost $36,000 or more. In some cases, cyber attacks have cost organizations millions.
  6. The application process is too difficult to complete. Due to the complexity of cyber exposures, multiple departments are involved in network security and privacy. While you may feel that this complicates the application process for cyber liability insurance, we are familiar with the risks and can help streamline policy purchases. Armed with only information regarding your organization’s business and website, we will be able to provide an on-the-spot estimate of terms and costs.
  7. Other businesses are not purchasing cyber liability insurance, why should we? Cyber liability is different from other risks in that exposures can differ heavily from business to business. What may work for your competitors or peers may not work for you. These variances are so granular that cyber policies often need to be tailored to the insured.
  8. Our data is not valuable to hackers. Almost every business collects and stores private information, including addresses, credit card numbers, bank account information and payment history. It is your business’s responsibility to protect this sensitive information or you could be found negligent and subject to a costly lawsuit.
  9. The cost of cyber insurance exceeds the benefit. As the market continues to stabilize, premiums will go down considerably. Regardless, the benefits of a cyber liability policy far outweigh any initial expenditures. For example, cyber liability insurance often goes above and beyond protecting your organization from costly breach. In fact, a standard cyber liability insurance policy often covers website media, cyber extortion, digital property, cyber crime, business interruption, privacy liability and networks. No business could ever adequately prepare for or protect themselves from a cyber threat.
  10. I can’t talk to tech people. Yes, we get this one a lot! You will need to find common ground with your IT specialists in order to have a fruitful discussion about your business’s cyber exposures. While it is likely that your IT systems are complex, your IT professional should be able to explain your company’s risks to you in a simple, jargon-free manner. As your insurance agent, we are here to help foster discussions with your IT professionals.

As technology becomes increasingly important for your business to operate, the value of a strong cyber liability insurance policy will continue to grow.

The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing your business.

In an age where a stolen laptop or hacked account can instantly compromise the personal data of thousands of customers, or a poor post on social media can be read by hundreds in a matter of minutes, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their general commercial liability policies.

Your exposures are vast, ranging from the content you put on your website to stored customer data.

Awareness of the potential cyber liabilities your company faces is essential to managing risk through proper coverage.

What does Cyber Liability Insurance cover?

Possible exposures covered by a typical cyber liability policy may include the following:

  • Data breaches: Increased government regulations have placed more responsibility on companies to protect clients’ personal information. In the event of a breach, notification of the affected parties is now required by law. This will add to costs that will also include security fixes, identity theft protection for the affected and protection from possible legal action. While companies operating online are at a heightened risk, even companies that don’t transmit personal data over the internet, but still store it in electronic form, could be susceptible to breaches through data lost to unauthorized employee access or hardware theft.
  • Intellectual property rights: Your company’s online presence, whether it be through a corporate website, blogs or social media, opens you up to some of the same exposures faced by publishers. This can include libel, copyright or trademark infringement and defamation, among other things.
  • Damages to a third-party system: If an email sent from your server has a virus that crashes the system of a customer, or the software your company distributes fails, resulting in a loss for a third-party, you could be held liable for the damages.
  • System failure: A natural disaster, malicious activity or fire could all cause physical damages that could result in data or code loss. While the physical damages to your system hardware would be covered under your existing business liability policy, data or code loss due to the incident would not be.
  • Cyber extortion: Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. This can cause a temporary loss of revenue plus generate costs associated with paying the hacker’s demands or rebuilding if damage is done.
  • Business interruption: If your primary business operations require the use of computer systems, a disaster that cripples your ability to transmit data could cause you, or a third party that depends on your services, to lose potential revenue. From a server failure to a data breach, such an incident can affect your day-to-day operations. Time and resources that normally would have gone elsewhere will need to be directed towards the problem, which could result in further losses. This is especially important as denial of service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organization's server.

Cyber Risk Exposure

Bottom Line

Cyber liability insurance is specifically designed to address the risks that come with using modern technology; risks that other types of business liability coverage simply won’t.

The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure.

Which is why it’s important to work with a trusted advisor that can help you identify your areas of risk and tailor a cyber liability policy that meets your specific and unique needs.

Next Step

Ready to apply for a cyber liability insurance policy?

Let’s set-up a time to talk about your business, so I can help identify the risks you face and the coverage you need.

Click here to select a meeting time that's convenient for you! 

Schedule a meeting with Pat ONeill

This article was adapted from Zywave. This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.