ANSWER: Cyber risk is the risk of any financial loss, compromised data, or damage to the business’s reputation from some type of failure or corruption of its information technology systems.*
According to the National Association of Insurance Commissioners, here is an in depth guide to understanding more about cyber risk:
Cyber Risk Management
Cyber risks and data breaches are a growing liability for businesses everywhere that are using electronic services and devices that contain personal and confidential information of their business and clients. Cyber-attacks may come from anywhere by hackers, terrorists, criminals, or anyone who have found the opportunity to get inside the mainframe, whether it is intentional or unintentional. These attacks usually are due to gain financial information belonging to clients that result in enormous losses for the business and its clients. Other attacks are used to gain information that will give the attacker some political, military, or economic advantage.
Cyber risks include:
- Data and security breaches usually are due to hackers or criminals looking for private financial information belonging to clients such as Social Security numbers, credit cards, employee information, and other information that would result in loss for the business and client.
- Hackers are also able to hack into a business’s network and cause it to be inactive for a short or long amount of time, resulting in financial losses that grow as long as it is inactive.
- If the public learns that the business suffered a data breach and loss of confidential information, it could severely damage their reputation.
- Damages due to a hacker’s actions can result in high costs to clean up the mess.
- Hackers can steal valuable data such as trade secrets, customer lists, and other assets.
- Hackers can also introduce malicious viruses such as malware and worms.
- Loss of sensitive information could also come from accidents from employees that send information out to recipients that were not intended to receive confidential documents.
- Clients affected by a security breach require constant credit monitoring, which can end up to be very costly.
- Lawsuits alleging trademark or copyright infringement.
Cyber Liability Policies
Most businesses have commercial insurance that provide general liability coverage to protect them from injury or property damage. However, most standard commercial lines policies lack protection to many different kinds of cyber risks. A special cyber liability policy is needed to protect a business from all types of unique cyber risks. However, cyber risk remains difficult for insurance underwriters to offer as a unified service to businesses due to such unique risks. Insurers instead go through data and the type of business that the organization partakes in and customizes a special package that would be best for them, although at a cost. Depending on the business, the cyber liability insurance will be different varying businesses and all come at different prices. In addition, the size and number of clients, presence on the Internet, data managed, and various other factors can also play a part in the type of coverage and pricing.
Cyber liability policies might include one or more of the following types of coverage:
- Liability for data, security, or privacy breaches. This includes any loss of confidential information due to unauthorized access to the business’s network.
- Data and security breaches come with damage control such as notification of those affected, customer support, and client monitoring services that end up costing the business quite a pretty penny.
- Electronically stored business assets that require restoration, updating, or replacing incur costs that may be covered by cyber liability insurance.
- Data breaches can cause businesses to halt operation, resulting in financial losses in sales.
- Losses that result from any damages to reputation when the allegations involve business websites, social media, or newspapers.
- Expenses related to cyber extortion or cyber terrorism.
- Expenses related to regulatory compliance for billing errors, physician self-referral proceedings and Emergency Medical Treatment and Active Labor Act proceedings may also be included in the coverage.
Cyber liability insurance requires research and some shopping to acquire. Insurers will require a lot of information about the business in order to assess what type of cyber liability insurance best fit for the company. They will inquire about antivirus and anti-malware software, firewalls, risk-management of its networks, website, and intellectual property and assets, disaster response plan, and how secure its data systems are and how employees access it.
– Source: NAIC Cyber Risk
*This information is a guide only, it is not legal or financial advice. Always do due diligence to ensure you are not breaking the law.