We may reasonably assume that, like most businesses these days, you rely largely on internet-based technologies to reach out to customers, right? However, let us remind you that all digital tools have the potential to expose your business to cyber threats. While digital payment systems have enabled financial inclusion and increased transparency, they have also resulted in increased security threats and data breaches.
In this article, we will look at one 'safety net' from the insurance industry that can assist businesses challenged by the rapid growth of both external cyber threats and insider cyber crimes. Yes, we are going to talk about cyber liability insurance. After going through this article, you will have a fair idea about what cyber liability insurance is, why you need one, what it covers and excludes and many more.
Let’s start with the very basics first!
What is Cyber Liability Insurance?
Cyber liability insurance is a coverage that helps businesses and individuals reduce their financial risk exposure. It does so by covering the costs of the damage and recovery caused by a data breach, a ransomware attack or a cyber security incident. It also covers the costs of fines for noncompliance, crisis communications, lawsuits, forensics, investigations, customer refunds and even extortion payments.
Until recently, cyber liability insurance was thought to be a separate liability policy that could be added to your regular business insurance. Traditional insurance coverage was meant to cover physical asset breaches or business interruptions caused by cyber intrusions. However, cyber liability insurance has recently emerged as a specialised insurance coverage that may now cover many forms of losses resulting from different cyber-attacks and threats. Businesses have also begun to recognise the importance of cyber liability insurance and are now willing to invest extensively in it.
Get Free Quote in Minutes
Why do you need cyber insurance?
In the year 2021, cyber attacks increased by 50% as compared to 2020. Malware and ransomware attacks, compromised credentials, phishing, cloud misconfiguration, corporate email penetration and vulnerability in third-party software were the most common threats in 2021. The evolution of cyber attacks is also constantly changing. Its scope has expanded to include supply chain attacks and double/triple extortion. As cybercriminals continue to exploit new vulnerabilities, the threat of cyber-attacks appears to be increasing, at least for the time being.
In the Indian context as well, cases of online scams through ad-fishing, emails and malware are on the rise. As digital payments got extended to every nook and cranny of India during and after the Covid-19 outbreak, there was an exponential leap in such occurrences. This has made cyber security breaches a major reason for concern for organisations, resulting in a surge in demand for cyber liability insurance in India.
According to a recent report from HDFC ERGO, claims for cyber liability insurance products increased by 100% during FY 2021, primarily from the IT, pharmaceutical, auto, services and other manufacturing industries. This also validates India's recent increase in cyber attacks. Hence, there are no prizes for guessing why cyber liability insurance is quickly becoming a 'need of the hour' for organizations, with more and more businesses across industries choosing cyber insurance solutions.
Fraudulent cash transfers as a result of a cyber attack, business interruption expenses and data breaches can all devastate a company's fortunes. As an example, in 2011, Sony's PlayStation Network had a cyber intrusion. In this case, the personal information of up to 77 million user accounts was reported to be compromised. Users were unable to access internet services immediately following the breach, and this situation continued for 23 days. As a result, Sony had to incur around $ 171 million in expenditures. Sony could have prevented a significant portion of this expenditure if it had cyber liability insurance coverage in place. Unfortunately, it had insurance coverage that only covered physical property damage. When the incident happened, it did not have separate cyber liability insurance coverage.
According to a leading cyber insurance advisor, on December 31, 2021, workers of an Indian manufacturing firm received an email from the HR department informing them that the company was providing them with gift vouchers. The majority of staff, including the CEO, clicked on the link, which proved to be malware that brought the company's systems down. If the company had cyber liability insurance, it might have covered the system damage and limited business disruption costs.
You would probably agree that if you are running a business and have access to the personal information of your users/customers, data security should be one of your top priorities. Given all that has been discussed thus far, you should consider purchasing a cyber liability insurance policy if you have not already done so.
What does cyber insurance cover?
A typical cyber insurance policy in India may cover the following-
- Email spoofing- The costs incurred as a result of email spoofing by a third party will be reimbursed by a cyber liability insurance policy. Furthermore, if you file a complaint against a third party, it will cover the expense of prosecution.
- Malware attack- Following a malware attack, cyber liability insurance will cover the costs of restoring the affected computer (s). It also covers the costs of defending a claim brought by the impacted party against any legal liability resulting from the attack.
- Loss caused by IT theft- Cyber insurance covers the financial losses caused by an unauthorised cyber intrusion by a third party. Furthermore, the costs of prosecuting the third party responsible for the loss, as well as the legal fees for filing a claim against any financial institution or payment system operator, are reimbursed.
- Identity theft- This insurance covers the costs of defending a claim filed by the victim of identity theft. Furthermore, the costs of prosecuting the third party, travelling to and from court and printing/photocopying documents are all reimbursed.
- Phishing- The costs incurred as a result of phishing by a third party will be reimbursed. Furthermore, cyber liability insurance covers the expense of prosecution if you file a lawsuit against the third party implicated.
- Cyberstalking- This insurance covers the cost involved in prosecuting a third party in a criminal case.
- Cyber extortion- The cost incurred by the insured in a cyber extortion offence committed by a third party, as well as the cost of prosecution, will be covered if you file a lawsuit against the third party.
- Breach of privacy and data by a 3rd party- Covers the legal expenses of an insured if there is any damage caused by a third party's invasion of privacy and data.
- Media liability claims- Covers the expense of defence if a third party files a claim against the insured. Also covers the cost of prosecuting any wrongful media act, as well as transportation to and from court and printing/photocopying papers.
- Computer forensics- This covers the costs of hiring computer forensics professionals to identify whether a data breach occurred, to control and prevent future damage and to investigate the cause and extent of the incident.
- Reputational damage- Data breaches can have serious public relations consequences for any company. A cyber liability insurance policy will help you deal with the potential consequences by covering the costs of brand aversion caused by a cyber incident for a set period of time after the breach. It can also help reduce the possible expense by hiring public relations experts.
- Privacy liability coverage- Cyber insurance companies must also defend policyholders against associated administrative proceedings or liability suits. For example, cyber liability insurance will cover privacy liabilities. This coverage is critical for most businesses, especially those that store sensitive customer and staff information on their networks. Breach of such information not only jeopardises those affected but may also expose your company to liability lawsuits from victims of such cyber disasters. It will also provide coverage in circumstances where you are accused of violating privacy laws.
What does cyber liability insurance not cover?
You cannot claim cyber liability insurance in certain situations, mentioned as exclusions in a typical cyber insurance policy. These include-
- Death, diseases or damage to a tangible item
- Physical injury caused because of a cyber attack
- If improper or intentionally dishonest conduct from your end has led to the claim
- Media failure or malfunction
- Future profits lost due to a cyber-attack or data breach
- Unsolicited communications from your end
- Property damage caused by cyber attack
- Loss arising out of mechanical failure, standard depreciation and electrical disturbance
- Loss due to willful violation of any law, rule or regulation from your end
- Damages incurred as a result of carelessness or failure to protect information pertaining to bank accounts, credit and debit cards, internet connections and so on.
- Any legal proceedings before the policy came to force
- If you purposefully overlooked any circumstances or information that constituted the basic foundation of the claim
- Loss due to a Government order
- Any breach of registered patents, trade secrets, trademarks, intellectual property and copyright and alleged plagiarism
- Disappearance or theft of cryptocurrency
- Loss related to deals in foreign exchange, currencies, securities and sovereign funds
- Consequential loss or damage, including the loss that occurred to any 3rd party
- The cost to improve your security and technology systems after an attack
How to register a cyber liability insurance claim?
Here are the steps involved in registering a claim under cyber insurance-
- Intimation of the claim- First and foremost, the insured should notify the provider as soon as he becomes aware of the relevant cyber incident. The insured might also file a claim through a cyber security service provider with whom he has a contract.
- Assigning an investigator- An investigator is then assigned in the next phase. His responsibility is to assess the severity of the cyber incident and devise a temporary resolution plan.
- The hiring of a cyber expert- If the cyber incident is severe, a cyber expert will be appointed to conduct the incident analysis. To eliminate any biases and ensure transparency, independent cyber experts are hired rather than in-house specialists.
- Internal liasoning- This exercise involves all parties concerned (including the insured). Here, the insured's second opinion is acquired regarding the possible expense incurred in minimising the damage. If the insurance company believes it is cost-effective, the same will be accepted. The final action plan is then developed and agreed upon.
- Final approval- All information gathered thus far has been reported to the insurance provider's claim department. The department examines the details and, if satisfied, starts the process of granting final approval to reimburse the expense.
How can you get the best out of your cyber liability insurance?
Here, we are providing some important tips you should consider before purchasing cyber liability insurance coverage. By keeping these points in mind, you can get the best out of your insurance policy-
- You must have a well-documented information security/data protection mechanism in place
- Implement and maintain effective cyber security measures. Respond to cyber threats immediately and mitigate them
- When an employee departs your company, remove his access to sensitive data. If the insurer detects a breach connected to it, your claim may be denied.
- Make it a point to update your antivirus, anti-malware and anti-spyware software on a regular basis
The footnote:
We hope the discussion above will help you understand what cyber liability insurance is, why you need one and what it covers and excludes. We have also discussed other important matters related to cyber liability insurance. For the best recommendation on cyber liability insurance, you may contact BimaKavach. Here, you can get the best recommendation for any insurance product in just 5 minutes.