Cyberattacks that lead to data breaches are on the rise and continue to cause untold financial damage to private companies and government agencies alike. As early as 2005, Errors and Omissions (E&O) insurance companies started offering policies to cover the liabilities incurred from data breaches. Since then, the industry has continued to grow, with global premiums for data breach insurance expected to reach $7.5 billion in 2020.
Initially, data-breach insurance covered liabilities associated with unauthorized disclosures of private personal information. However, as hackers and bad actors moved away from simply stealing information and selling it to other parties (opting instead to hold entire systems hostage using ransomware), the coverage changed to include ransomware attacks.
Ransomware Dynamics
While large data breaches still occur and personal information is leveraged for fraudulent financial gain, a greater threat for smaller organizations comes in the form of a ransomware attack. Hackers who gain access to your digital infrastructure can encrypt and take complete control of your system. The criminals then request a ransom, payable in cryptocurrency, in order to decrypt the system and restore authorized access.
Ransomware attackers keep trying until a breach succeeds. Companies are at constant risk of becoming a victim, with no recourse except to pay to get their data back. Due to the malicious nature of this type of software, one wrong click can expose your company’s entire network.
Data Breach Insurance Policies
Cyber liability insurance policies cover first- and third-party damages. Each policy is different, covering different elements of a data breach and stipulating different terms and conditions related to your information security. It is important to note that standard Commercial General Liability (CGL) policies rarely cover cybersecurity liabilities.
Third-Party Coverage
Third-party coverage protects businesses from lawsuits filed against the organization due to a data breach. These policies generally cover alleged claims that your company failed to take adequate steps in order to protect personal identification information. These policies only apply if someone makes a claim against the company.
First-Party Coverage
With first-party data breach insurance policies, companies remain protected against additional damages that a successful attack causes. Examples of possible damages covered include a loss of income during the shutdown, costs for recovering data after the attack, cyber extortion (such as ransomware), and crisis management or associated financial losses.
Not all first-party cyber liability insurance policies are the same, so companies should confirm the exact conditions covered before signing up for a policy. Depending on the sensitivity of the information your company processes, deciding on an adequate amount of liability coverage may require a complex analysis of your specific business model and digital infrastructure.
Assessing Your Cyber Liability Exposure
To determine your exposure and liability adequately, you’ll need to perform a detailed assessment of your current digital and security infrastructure. Your security policy should cover everything from network configuration to costs associated with data storage, backup, and recovery.
For more information about determining your liability, speak to one of IntegriTech’s expert consultants today.