In 2018, Marriott announced that one of its reservation systems had been hacked, exposing more than 500 million customers’ sensitive data, including credit card and passport numbers.
The company incurred more than $20 million in expenses related to the breach, most of which was covered by its cyber insurance policies. However, the chain continued to suffer from indirect costs like reputation damage.
Cyber insurance protects your business in the event of a cyberattack, ransomware attack, data breach, or other digital incident. Who needs cyber insurance and what does it cover?
In this guide, we’ll explore:
- What is cyber insurance?
- What does cyber insurance cover?
- Who needs cyber insurance?
- How much does cyber insurance cost?
- How cybersecurity programs impact your cyber insurance
- How to get cyber insurance coverage
- The cyber insurance claim process: What to expect
- Get the cyber coverage you need from a partner you trust
What is cyber insurance?
Cyber insurance protects your business in the event of a cyberattack or data breach. It helps mitigate the financial losses and legal liabilities associated with these events.
What does cyber insurance cover?
Your cyber insurance policy covers financial losses, including legal costs and other costs associated with defending a lawsuit. It can also cover the cost of compensating injured parties for damages.
There are two general types of cyber insurance coverage: first-party and third-party. Let’s take a look at each.
First-party cyber insurance coverage
First-party coverage protects your business if your own systems are attacked. It typically includes costs related to:
- Response to a data breach or cyber threat
- Response to a natural disaster or accident that results in data loss
- Forensic investigations
- Customer notification and credit monitoring services for those affected
- Public relations efforts to restore company reputation
- Business interruption losses
- Payment of ransom to cybercriminals
Third-party cyber insurance coverage
You might need third-party cyber liability coverage if you’re responsible for others’ online security – like your clients, business partners, or vendors. It protects your business if a breach or attack happens to one of these parties, typically covering:
- Legal fees like defense costs and damages if a party sues you
- Settlements if you settle outside of court
- Restoration of the business’s reputation
- Judgments if you’re found liable for the breach
What is not covered by cyber insurance?
While cyber coverage is fairly comprehensive, there are some common exclusions:
- Prior-known issues that occurred before policy inception
- Intentional acts by the insured
- Acts of war or terrorism
What is and isn’t covered can vary, so it’s important to be familiar with your specific policy details. At POWERS, we go through a thorough assessment with all clients to ensure the policies they buy fit the risk they face.
Schedule your free assessment. >
Cyber insurance vs. general liability insurance
Cyber insurance covers losses related to cyberattacks, data breaches, and other digital accidents. You might be surprised to learn that general liability insurance usually doesn’t cover the costs or legal impacts of these events. If you’re found liable for damages to a third party due to a cyber event, your GL policy likely will not cover it.
Cyber insurance vs. technology errors and omissions insurance
While cyber insurance and technology E&O insurance are both related to technology, they cover different things. Cyber insurance focuses specifically on cyberattacks and security breaches.
Technology E&O coverage falls under your errors and omissions insurance policy, also called professional liability insurance. It protects you if a client claims you made an error while providing technology-related services, like software development or consulting.
Who needs cyber insurance?
We recommend a cyber policy for any business that relies on digital systems, stores sensitive customer data, or conducts online transactions. These days, that’s almost every business.
Cyber insurance for small business
Small businesses can be just as at-risk as large corporations. In fact, they can actually stand to lose more. Whether first- or third-party, a cybersecurity event can cause devastating financial loss for a small business. Lawsuits and reputation damage can bankrupt a small business, while a large company may be able to absorb these impacts more easily.
How much does cyber insurance cost?
Your cyber insurance premiums are based on several factors, such as:
- Size and type of business
- Industry and level of risk
- Policy limits and deductibles
- Cybersecurity measures
Because insurance rates can vary, it’s important to work with a risk manager to find the best solution. Businesses with complex risk profiles will find the most value from partnering with an independent insurance agent that will help them proactively manage risk for long-term success.
How cybersecurity programs impact your cyber insurance
Robust cybersecurity measures, like regular security assessments, secure network configuration, and employee training, can show your carrier that you’re committed to protecting your digital assets and mitigating cyber risks. Over time, this can help reduce your premiums.
How to get cyber insurance coverage
An experienced agent should recommend insurance policies for you based on your business’s unique exposures and risk profile. If your agent hasn’t recommended cyber insurance but you think it could be a good fit, ask about it.
Your agent will find the best options based on your risk assessment and present them to you. At POWERS, we cover the following questions when presenting clients with coverage options:
- Does the pricing match the client’s expectations?
- Does the policy have the appropriate limits, deductibles, and coverage enhancement endorsements?
- What are the carrier’s financial stability, reputation, and claims process like?
- What added value can the carrier offer the client – e.g. employee cybersecurity training and incident response support?
At POWERS, we work with some of the best business insurance carriers in the U.S. There’s no need to spend hours researching providers – we’ll make recommendations tailored to your business.
The cyber insurance claim process: What to expect
If you need to file a cyber insurance claim, don’t panic. Thousands of claims are filed every day.
The claim process is different for every carrier and agency, so we recommend learning your insurance agent’s process before you need to file a claim. That way, you’re prepared when the time comes.
Here’s the claim process for POWERS clients:
- Contact your POWERS account manager or claims handler before you call the insurance carrier.
- A POWERS expert will provide a claim consultation to help you evaluate the severity of the claim, your deductible level, contractor referrals, and what to expect going forward.
- With your approval, your account manager will submit the claim to the carrier on your behalf. In some cases, you might choose not to file a claim.
- We’ll pass along your claim number and your adjuster’s contact info.
- You’ll work directly with your adjuster to provide relevant evidence, like incident reports, forensic analyses, notifications to affected parties, and legal correspondence.
- First-party: If your claim is covered, the carrier will help cover the costs to address the issue.
- Third-party: If your claim is covered, the carrier will offer a settlement amount to the claimant or provide a defense if a lawsuit is filed against you.
- The claim will be resolved through a settlement agreement or a court decision.
During this process, your POWERS claims consultant will be with you every step of the way.
Get the cyber coverage you need from a partner you trust
Most businesses need cyber insurance, but how can you make sure you get the right coverage and the most value from your policy? Who will guide you through the claims process when an incident happens?
Any agent can write you a policy. But you don’t need any agent – you need a business partner with proven risk control expertise.
At POWERS, we spent more than 30 years developing what we call “the POWERS Process.” We use this five-step framework to get a deep understanding of your business and make recommendations that not only give you the right insurance coverage, but also help you make smart decisions to grow your business.
We know from decades of experience that a one-size-fits-all approach to risk management simply doesn’t work. We’ll take you through a series of discussion points to drill down and uncover exposures you’ve never considered. Then, we’ll build a plan to safeguard your business and look toward the future.
|Insurance as a stand-alone product
|Insurance integrated into your customized risk management plan
|Multiple, run-of-the-mill applications to assess your risk
|Customized, proprietary assessment for a deep understanding of your risk
|Focused on up-front cost savings
|Focused on long-term cost control
|Salespeople who write your policy and ghost you until renewal
|Partners who help you make smart, growth-focused business decisions
|Say they care about your business’s success
|Show you we care by setting your risk management plan in motion