Does Cyber Liability Insurance Cover Anything?
It depends! I know you want a black and white answer but cyber liability insurance is not black and white. In our opinion, it’s the most gray area of insurance. But we also believe that cyber liability insurance does cover something. In fact, it covers a lot of valuable risks.
The reason many people ask the question, “does cyber liability insurance cover anything,” is because there are many pitfalls to the policies. Even the policies that appear to offer the coverage you need, may not cover what you think. For example, many cyber policies contain terrorism, war, governmental acts, or other exclusions that could be interpreted to exclude coverage for cyber attacks launched by nation state actors. As we know, most ransomware attacks are launched by state sponsored cyber criminals. So you may purchase a cyber policy with ransomware coverage that doesn’t cover you if the ransomware attack was launched by Iran, China, North Korea, or another state sponsored actor. Because of this, it is critically important that you read the fine print of your cyber liability policy.
Here is a link to an interesting article on how cyber liability insurance companies are dealing with ransomware attacks on their insureds.
You may also find our Brush Creek Partners white paper on ransomware attacks and best practices interesting. You can download it here.
What should a cyber liability insurance policy cover?
Cyber liability insurance policies SHOULD cover the following things:
- Third party network security and privacy injury liability
- Data breach response costs
- Regulatory investigations and penalties
- Cyber triggered business interruption to include failures of cloud service providers
- Cyber crime to include social engineering fraud
- Network extortion (ransomware)
- Reputation repair
There are other coverages sometimes necessary but the above should be included on all cyber liability policies. Some coverages you may consider depending on your specific situation are:
- Cyber triggered bodily injury and property damage
- Cyber triggered pollution
- Hardware replacement
- Theft of services
How do you find a cyber liability policy that properly covers your needs?
You have to start by understanding what your coverage needs are. And to analyze your coverage needs, you need to identify the cyber threats facing your organization. Once you’ve discussed those cyber threats, you can start to quantify the potential financial impact of a technology failure. Only then can you assess the specific items your cyber liability policy should cover.