Risk managers and business owners face increasingly serious information technology challenges. Regardless of business size, most companies report that they suffer at least one significant data breach yearly. They also share that they have been victimized by computer related vandalism (including denial of service attacks where operations are jammed). Further, these problems tend to trigger significant financial losses.
Most security breaches have involved attempts by criminals to acquire sensitive company information, usually concerning their customers or clients. Businesses and entities that are popular targets include:
- Financial Institutions
- Hospitals
- Retailers
- Transportation Services
- Information Services
- Food Services
- Manufacturers
- Professional Services
- Universities
Even when the attempts are unsuccessful, the financial and human resource costs associated with handling these and other cyber liability risks are staggering.
The Insurance Solution
In recent years, a market has developed to offer specific Cyber Liability Insurance coverage. This was necessary because traditional property and liability coverage forms do not meaningfully address cyber risks. Two types of coverage are usually available. One type is to protect it against damage caused to its customers when its data security is compromised. A second type is for tech companies who face lawsuits from clients who claim damages by the products they purchased from such companies, such as flawed security software.
Typically, a cyber-liability policy covers harm due to unauthorized access, introduction of virus and generally any activities involving business use of the Internet. General factors to be evaluated by a business and its insurance professional in determining their cyber liability insurance needs are their scope of Internet activities, the breadth of coverage (such as named peril or “All Risk), whether the coverage should include professional liability and the amount of the coverage deductibles or coinsurance. A business should also determine if it should also arrange excess (catastrophic) levels of coverage. If business operations extend beyond the U.S., coverage should consider the need for global protection.
Cyber liability risk is complex and is also dynamic. Businesses must include the need to address such risks in their regular planning.