Overview of Cybersecurity Insurance
Although hacking and cyber threats have been present for quite some time, cybersecurity insurance is a relatively nascent field. Although cyber insurance policies from different companies may vary widely, there are many similarities. In this post, we describe the basics of cyber security insurance in simple English.
There are two major types of policies: first party and third party coverage. First party insurance provides coverage for direct costs associated with responding to the failure and managing through the incident. Third party insurance provides coverage for lawsuits or claims that come as a result of a cyber incident.
First party coverage
Firms that do not hold lots of confidential client information should consider first party coverage. The coverage is for direct costs incurred by the insured company, not for costs that come as a result of lawsuits or regulatory demands/fines. The most common types of claims on this type of policy include:
- Notifying clients and partners of the breach
- Credit monitoring services for clients and partners. This is particularly important if payment information (e.g., credit cards) was breached
- Paying extortion or blackmail costs in case the data is held hostage
- Hiring a public relations firm to manage the brand and reputation of the company
- Covering lost income or revenue that occurred as a direct result of the breach
A critical aspect of this policy to review is the trigger for payment. Some policies require the company to be legally obligated to notify clients of a breach. In the US, 47 states have laws requiring a company to notify clients of a breach within a set period of time. Canada does not yet have such rules yet, but a company many choose to notify clients regardless. As a result, check your policy to make sure voluntary notification costs are covered.
Third party coverage
Firms that hold lots of client data (e.g., addresses, payment information, medical records) are especially at risk in the case of a cyber-attack. The coverage is for costs that are incurred as a result of customers, partners or regulators. The most common types of claims on this type of policy include
- Legal costs to defend the company in court
- Settlements, damages and judgements directly related to the attack
- Costs related to responding to regulatory demands (e.g., gathering data)
- Regulatory fines and penalties
Zensurance is Canada’s leading online commercial insurance broker. We offer a full range of insurance products to small businesses, with a particular focus on digitizing businesses and technology startups. We understand what it is to work with new technology, and know the most common risks of which you should be aware. Based on that (and a lot of analytics), we recommend the ideal insurance coverage for your business.