We have been asked by our clients to explain Cyber Risk Insurance in simple terms, and in a way that they can explain the coverage to their customers. Our clients have found this useful:
What is it? Cyber Risk insurance provides protection from loss or inadvertent disclosure of confidential information such as clients’ or employees’ social security numbers, bank account numbers or credit card numbers, and from damage to or destruction of computer systems from computer viruses or hacking. Additional protection may be provided for electronic theft of money and liability from electronic media.
What does it cover? The obvious exposure is a data breach, an unintended loss or release of confidential data. Breaches can occur because of hacking, but the majority of breaches are the result of employee errors – lost laptops & password releases.
What does a breach cost? Because of state regulation, notices are required for breaches involving specific types of personal information. So breaches can be expensive due to the volume of data and the notice requirements. Cyber Risk policies typically cover the direct costs to address a breach, plus legal expenses and settlements if you are sued.
Who needs it? All organizations with confidential information or whose operations may be subject to disruption from the failure of technology should buy this coverage. Who buys the coverage? – here are some examples of Cyber Risk accounts:
Medical Service Company
Is it already covered? Cyber Risk coverage is not typically provided in standard policies. In some cases Cyber Risk coverage is added (as an endorsement) to standard policies, but typically the limit is not adequate and the coverage is not as comprehensive as a standalone policy.
How much does it cost? Costs vary depending on the size and type of business, and the amount and type of information stored. The process to get Cyber Risk coverage is (or can be) simple, and the cost is not expensive.