Cyber Liability Insurance Policy Information
Cyber Liability Insurance. Most businesses these days make use of electronic data in some form or another. Electronic data keeps a record of their customers and employees, and often electronic data puts them in touch with their customers. Everything that has to do with data takes place either on a computer or on the internet: And this means that data is susceptible to being accessed or stolen.
Cybercrime is incredibly common, and if it happens to you or your business then you could be held liable for thousands worth in damages or losses. You could even be held liable for the information compromise or loss of the information belonging to a third-party if the information breach happened on your systems.
Here's more information about cyber liability insurance and what it could mean for your business.
Cyber liability insurance protects your business from data breaches with rates as low as $27/mo. Get a fast quote and protect your customers privacy now."
Below are some answers to commonly asked cyber insurance questions:
- How Much Does Cyber Liability Insurance Cost?
- What Does Cyber Liability Insurance Cover?
- What Is First Party Cyber Liability Coverage??
- What Is Third Party Cyber Liability Coverage?
How Much Does Cyber Liability Insurance Cost?
The average price of a standard Cyber Liability Insurance policy for small businesses ranges from $27 to $59 per month based on location, number of customers, data security procedures in place and more.
What Does Cyber Liability Insurance Cover?
Cyber liability insurance helps your business deal with the costs of data breach and recovery by helping to pay for:
- Security Breach Expense - Loss that is the direct result of a security breach. Although under the forensics part of security breach the insurance company does pay the costs to determine what needs to be done going forward to prevent security breaches this policy does not pay to actually put such needed changes into effect. Those costs are the responsibility of the named insured.
- Extortion Threats - Loss that is the direct result of an extortion threat.
- Replacement or Restoration of Electronic Data - Loss to stored computer programs or electronic data within a computer system.
- Business Income and Extra Expense - Loss that is the result of an interruption is covered when it is a direct result of a cyber incident or extortion threat.
- Public Relations Expense - Loss that is the result of negative publicity is covered when it is a direct result of a cyber incident or security breach.
- Security Breach Liability - Loss that is the result of a claim which is discovered during the policy period is covered if the insured is legally obligated to pay it and was due to a wrongful act that takes places before the end of the policy period.
What Is The Difference Between First Party vs. Third Party Cyber Insurance Coverage
What Is First Party Cyber Liability Coverage?
First-party coverage covers you and your business in the event of damages, losses or claims arising from personal data. Cyber Liability insurance covers you on a variety of fronts, and sometimes also covers the recovery costs of the personal data in question.
- Damage or Loss of Electronic Data: These days, most information is stored in electronic form. This means that the information can be damaged or lost in several ways – for example, someone can simply delete the wrong file on the system and lose all the client information for a year, or the breach can be via hacker – and personal client information could be spread illegally in this way.
- Loss of Income or Extra Expenses: A technological breach could affect your business in such a way that it cost your business operating costs while the breach is repaired, or business while the systems are down. A Cyber Liability policy makes provision for this damage, and you are able to claim for the damages or losses experienced. Extra expenses, briefly, are things like the costs of recovering the lost data. This is something that should be covered under your liability insurance policy, too.
- Cyber Extortion: Cyber extortion can happen in several forms, and it can cost your business thousands of dollars – or more. For example, if a hacker held personal information ransom for $250, 000, who would pay for the lost business, the lost time and the necessary investigations? If you have cyber liability insurance, then your insurance will cover losses due to cyber extortion, too.
- Damage to Your Reputation: Cybercrime can cause a lot of damage to your business and its reputation – this can be internal, or it can turn into a scandal that makes its way to the media and costs you serious business. Either way, damage to your reputation that arises from cybercrime should be covered under your cyber liability insurance policy – and, depending on your individual policy, instances of social media damages could also be covered.
What Is Third Party Cyber Liability Coverage?
This refers to damages that may be claimed by a third-party in the case of a cyber liability loss or claim. Some of the instances that are covered:
- Network Security Liability: In short, network security liability becomes an issue when the security of the network is compromised – and usually anyone else's security in the process. This will be covered by your cyber liability insurance policy.
- Network Privacy Liability: With network security, it's just as easy for someone's privacy to be compromised over a network, and in this case it will also be covered by your cyber liability insurance policy.
- Electronic Media Liability: Electronic media liability covers all forms of electronic media from cyber liability, and while not all policies will have this clause, you should check yours to make sure if it does – ask your insurance provider if you aren't sure about the details.
- Errors and Omissions Liability: Errors & Omissions cover will insure you if any mistakes, losses or data breaches take place due to the fact that there is an omission or error from one level of the company to another.
'Real Life' Court Cases Involving Cyber Liability Insurance:
Apache Corp. v. Great Am. Ins. Co.
Apache Corporation (Apache) is an oil producing company that principally operates in Houston, Texas, but also operates internationally. Apache was insured by Great American Insurance Company (GAIC) and that policy included a "Computer Fraud" provision as part of their crime coverage. In March 2013, an Apache employee in Scotland received a telephone call from a person who identified him/herself as a representative of Petrofac, a vendor for Apache.
The caller advised Apache to change the bank account information for future payments to Petrofac. The Apache employee informed the caller that a formal request from Petrofac on Petrofac letterhead would be necessary to affect any change.
One week later, the accounts payable department of Apache's received an email from a "petrofacltd.com" address. However, Petrofac's proper email domain is "petrofac.com"; criminals had created a fake domain to send the fraudulent email. The email read "Petrofac's accounts details have now been changed"; and "[t]he new account takes ... immediate effect and all future payments must now be made into this account".
The email included an attachment of a signed notice of the change to the banking information on Petrofac letterhead that included both the old and the new bank account information. The email further informed that the attachment had also been posted (mailed) to Apache.
The responding Apache employee telephoned to confirm the request using the telephone number on the letterhead. Next, a different employee approved and implemented the change. Within days, Apache was transferring funds to the new account based on Petrofac's invoices. However, Petrofac soon informed Apache that it had not received the $7 million. After an investigation determined the criminals were based in Latvia, Apache recovered a substantial portion of the funds. However, Apache had lost $2.4 million. Apache submitted a claim to GAIC under the computer fraud provision which read:
"We will pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:
- a. to a person (other than a messenger) outside those premises; or
- b. to a place outside those premises."
In its denial letter, GAIC advised Apache's "loss did not result directly from the use of a computer nor did the use of a computer cause the transfer of funds".
Both entities filed for summary judgment and the court ruled in favor of Apache noting that the email was a "substantial factor" in the loss. GAIC appealed the decision and argued that Apache had requested the email as confirmation of the bank account change following a telephone call. The loss occurred when Apache sent payments to the wrong bank account based on a legitimate invoice. It was a loss but it was not a computer fraud loss.
Judgment was made in favor of GAIC.
(Apache Corp. v. Great Am. Ins. Co., 662 F. App'x 252 (5th Cir. 2016))
Interactive Commc'ns Int'l, Inc. v. Great Am. Ins. Co.
Interactive Communications International, Inc. and HI Technology Corp. (together, "InComm") operate a business that allows customers to put money onto reloadable bank-issued debit cards. The money is added by the customer first buying a chit from a retailer and then calling InComm's 1-800 number which connects to an interactive voice response (IVR) computer system. The consumer enters the debit card number and the PIN located on the chit at which time the IVR credits the value of the chit to the card. The funds become immediately available to the cardholder.
Between November 2013 and May 2014, fraudsters identified a vulnerability within InComm's IVR system that permitted multiple redemptions of a single chit. The vulnerability occurred when two or more calls were made to the IVR system simultaneously for the redemption of the same chit. One call would transfer the funds from the chit to the debit card account, while the other would return the chit to an "unredeemed" state which permitted a future redemption. Over seven months, InComm's system processed 25,553 fraudulent redemptions associated with 1,988 individual chits.
After the loss was discovered, InComm made a claim for $10.7 million against its computer fraud policy underwritten by Great American Insurance Company (GAIC). The policy provides coverage for:
"loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises: (a) to a person (other than a messenger) outside those premises; or (b) to a place outside those premises."
GAIC filed for summary judgment as to coverage contending that the policy does not cover InComm's loss because the scam was not executed through the direct use of a computer. It argued that the loss occurred as a result of the misuse of the IVR system. The district court granted the summary judgment and InComm appealed.
The appellate court affirmed the ruling of the district court. It held that the loss was not the result of a computer and that even if it had been due in some way to a computer, the loss remained excluded because the loss was not due to any direct use of a computer.
(Interactive Commc'ns Int'l, Inc. v. Great Am. Ins. Co., No. 17-11712, 2018 WL 2149769 (11th Cir. May 10, 2018))
Doctors Direct Insurance, Inc. Plaintiff-Appellee v. David Bochenek, Defendant-Appellant and Beaute 'E'mergente, LLC doing business as McAdoo cosmetic Surgery, Defendant
After receiving an unauthorized solicitation regarding cosmetic surgery services via cell phone text messages, David Bochenek (as a lead plaintiff) filed a class action lawsuit against McAdoo Cosmetic Surgery. The suit alleged that the unauthorized solicitation was a privacy wrongful act, in violation of the Telephone Consumer Protection Act (TCPA) and the Consumer Fraud Act (CFA).
McAdoo filed a claim for coverage with his insurer, Doctors Direct Insurance (Direct). The insurer, which provided McAdoo with a Cosmetic Surgeon's Professional Liability Policy, endorsed with cyber claims coverage, filed for a summary judgment. It argued that the unsolicited texts were not acts eligible for coverage. After a lower court ruled in favor of Direct, Bochenek appealed.
On appeal, Bochenek argued that the texts did qualify as covered, privacy wrongful acts in violation of the two referenced national acts. The allegation was based on the unsolicited texts constituting the control and use of personally identifiable financial, credit or medical information, the same language used in the cyber endorsement's definition of "privacy wrongful act". The information used to distribute the texts were a list of names and phone numbers collected from a spa.
The higher court examined Bochenek's arguments. In its review, the court found that the TCPA and the CFA prohibited certain types of unauthorized contacts and did not involve the mechanics of how call lists were created. It also found that Direct's cyber endorsement language regarding privacy wrongful acts was not, as alleged by Bochenek, ambiguous. Since the texts did not involve abuse of personally identifiable credit, financial or medical information, the court agreed that Direct did not owe a legal defense or coverage for the allegations made by the lawsuit.
The lower court ruling in favor of the insurer was affirmed.
(Doctors Direct Insurance, Inc. Plaintiff-Appellee v. David Bochenek, Defendant-Appellant and Beaute 'E'mergente, LLC doing business as McAdoo cosmetic Surgery, Defendant. Appellate Court of Illinois, First district, first Division. Case No.1-14-2919. August 3, 2015. Affirmed. Westlaw, 38 N.E. 3d.116)
Types Of Small Business Insurance - Requirements & Regulations
Perhaps you have the next great idea for a product or service that you know will appeal to your local area. If you've got a business, you've got risks. Unexpected events and lawsuits can wipe out a business quickly, wasting all the time and money you've invested.
Commercial insurance steps in to help you manage these risks, avoiding a situation which requires you to pay exorbitant costs out-of-pocket.
Insurance is so important to proper business function that both federal governments and state governments require companies to carry certain types. Thus, being properly insured also helps you protect your company by protecting it from government fines and penalties.
Small Business Insurance Information
In the business world, there are many risks faced by company's every day. The best way that business owners can protect themselves from these perils is by carrying the right insurance coverage.
The The National Association of Insurance Commissioners (NAIC) is the U.S. standard-setting and regulatory support organization. Through the NAIC, state insurance regulators establish standards and best practices, conduct peer review, and coordinate their regulatory oversight.
Commercial insurance is particularly important for small business owners, as they stand to lose a lot more. Should a situation arise - a lawsuit, property damage, theft, etc. - small business owners could end up facing serious financial turmoil.
According to the SBA, having the right insurance plan in place can help you avoid major pitfalls. Your business insurance should offer coverage for all of your assets. It should also include liability and casual coverage.
Types Of Small Business Insurance
Choosing the right type of coverage is absolutely vital. You've got plenty of options. Some you'll need. Some you won't. You should know what's available. Once you look over your options you'll need to conduct a thorough risk assessment. As you evaluate each type of insurance, ask yourself:
- What type of business am I running?
- What are common risks associated with this industry?
- Does this type of insurance cover a situation that could feasibly arise during the normal course of doing business?
- Does my state require me to carry this type of insurance?
- Does my lender or do any of my investors require me to carry this type of policy?
A licensed insurance agent or broker in your state can help you determine what kinds of coverages are prudent for your business types. If you find one licensed to sell multiple policies from multiple companies (independent agents) that person can often help you get the best insurance rates, too. Following is some information on some of the most common small business insurance policies:
|Business Insurance Policy Type||What Is Covered?|
|General Liability Insurance||What is covered under commercial general liability insurance? It steps in to pay claims when you lose a lawsuit with an injured customer, employee, or vendor. The injury could be physical, or it could be a financial loss based on advertising practices.|
|Product Liability Insurance||What is covered under product liability insurance? I pays an injured party's settlement or lawsuit claim arising from a defective product. These are usually caused by design defects, manufacturing defects, or a failure to provide adequate warning or instructions as to how to safely use the product.|
|Commercial Property Insurance||What is covered under business property insurance? General liability policies don't cover damages to your business property. That's what commercial property insurance is for. It protects all of the physical parts of your business: your building, your inventory, and your equipment, giving you the funds you need to replace them in the event of a disaster. If you work from home, you might consider a Home Based Business Insurance policy instead.|
|Business Owners Policy (BOP)||What is covered under a business owners policy (BOP)? This is a policy designed for small, low-risk businesses. It simplifies the basic insurance purchase process by combining general liability policies with business income and commercial property insurance.|
|Commercial Auto Insurance||What is covered under business auto insurance? This type of insurance covers automobiles being used for business purposes. This could include a fleet of business-only vehicles or a single company car. In some cases it might cover your car or your employee's car while they're being used for business. These policies have much higher limits, ensuring you can cover your costs if one of these vehicles gets into an accident.|
|Commercial Umbrella Policies||What is covered under commercial umbrella insurance? This type of policy is a sort of "gap" insurance. It covers your liability in the event that a court verdict or settlement exceeds your general liability policy limits.|
|Professional Liability (Errors & Omissions)||What is covered under professional liability insurance? This type of business insurance is also known as malpractice oe E&O. It covers the damages that can arise from major mistakes, especially in high-stakes professions where mistakes can be devastating.|
|Surety Bond||What is covered under surety bonds? Bonding is a contract where one party, the SURETY (who assures the obligee that the principal can perform the task), guarantees the performance of certain obligations of a second party, the PRINCIPAL (the contractor or business who will perform the contractual obligation), to a third party, the OBLIGEE (the project owner who is the recipient of an obligation).|
Who Needs General Liability Insurance? - Virtually every business. A single lawsuit or settlement could bankrupt your business five times over. You might also need this policy to win business. Many companies and government agencies won't do business with your company until you can produce proof that you've obtained one of these policies.
Business Insurance Required by Law
If you have any employees most states will require you to carry worker's compensation and unemployment insurance. Some states require you to insure yourself even if you are the only employee working in the business.
Your insurance agent can help you check applicable state laws so you can bring your business into compliance.
Other Types Of Small Business Insurance
There are dozens of other, more specialized forms of small business insurance capable of covering specific problems and risks. These forms of insurance include:
- Business Interruption Insurance
- Commercial Flood Insurance
- Contractor's Insurance
- Cyber Liability
- Data Breach
- Directors and Officers
- Employment Practices Liability
- Environmental or Pollution Liability
- Management Liability
- Sexual Misconduct Liability
Whether you need any or all of these policies will depend on the results of your risk assessment. For example, you probably don't need an environmental or pollution policy if you're running an IT company out of a leased office, but you would need data breach and cyber liability policies to fully protect your business.
Additional Resources For Small Business Insurance
Protect your company and employees with the right commercial insurance policies. Read informative articles on small business insurance coverages - and how they can help shield your company from legal liabilities.
- Small Business
- Business General Liability
- Business Liability
- Business Owners Policy (BOP)
- Certificate of Insurance
- Commercial Auto
- Commercial Umbrella
- Comprehensive General Liability
- Directors and Officers Liability
- Cyber Liability
- Employers Liability
- Employment Practices Liability
- General Liability
- Home Based Business
- Independent Contractor
- Liability Insurance Certificate
- Liability Insurance
- Professional Liability
- Workers Compensation Insurance
Your small business faces many potential disasters including: fire, floods, theft, equipment breakdown, lawsuits from clients or customers and current & former employees. Any many other risks you haven't even thought about.
A small business commercial insurance program should provide protection for both larger and smaller disasters. The obvious things like fire, flood and theft most business owners think about... but what if a hacker infects your computers with a virus - and files containing private customer information like credit card and Social Security numbers are stolen?
Who is going to pay to fix your customers credit rating etc...? Will your insurance pay for the cost? You need to know that.
Your commercial insurance program should cover events that can close down your company, or cause it to lose revenue. Anything less than that is not enough coverage. Commmercial insurance doesn't cover everything, and all policies have exclusions and limits.
You need a written plan that allows you to get your operations back up and running as quick as possible.