Like many businesses, your firm probably uses computers to send, receive, or store electronic data. Such data might include sales projections, tax records, and other information owned by your business. If the data is lost, stolen or damaged due to a security breach, it could be very costly to replace or restore.

Your computer system might also contain sensitive data that belongs to other parties such as customers, employees, or vendors. If the data is lost or compromised by a hacker, the owners might sue your company for damages. Your firm could also incur substantial notification expenses. Virtually states have laws requiring businesses to inform individuals whose personal information has been compromised in a data breach.1 You can protect your business against the costs associated with data breaches by purchasing a cyber liability policy.

Cyber liability insurance covers financial losses that result from data breaches and other cyber events. Most cyber policies include both first-party and third-party coverages. Some coverages may be included automatically while others are available "a la carte."

First-party coverages pay expenses your firm directly incurs as result of the breach, such as the cost of informing your customers about a hacker attack. Third-party coverages apply to claims against your firm by people or companies that have been injured as a result of your actions or failure to act. For instance, a client sues you for negligence after a hacker steals his personal data from your computer system and releases it online.

Examples of cyber policies are The Hartford's CyberChoice, Travelers' CyberRisk. and Philadelphia's Cyber Security products. All three provide a range of coverages and allow buyers to choose the ones they need.

Here are the types of first-party coverages you are likely to find in a cyber liability policy. These coverages may be subject to a deductible.

• Loss or Damage to Electronic Data - Covers the cost to replace or restore electronic data or programs damaged, destroyed or stolen in a data breach, whether the data belongs to your firm or someone else. Losses must result from a covered peril such as a hacker attack, a virus, or a denial of service attack. Policies may also cover the cost of hiring experts or consultants to help preserve or reconstruct data.
• Loss of Income and Extra Expenses - Covers income losses you suffer and extra expenses you incur to avoid or minimize a shutdown of your business after your computer system fails due a covered peril. Some policies, including the Hartford and Travelers policies cited above, cover dependent income losses. These are income losses you sustain when your network provider's system has been breached.
• Cyber Extortion - Applies when a hacker breaks into your computer system and threatens to commit a nefarious act like damaging your data, introducing a virus, initiating a denial of service attack, or releasing confidential data unless you pay a specified sum. Coverage typically extends to any extortion payment you make and expenses you incur in responding to the demand.
• Notification Costs - Covers the cost of notifying parties (voluntarily or as required by law) affected by a data breach. May also cover the cost of providing credit monitoring services and establishing a call center.
• Damage to Your Reputation - Some policies cover costs you incur for marketing and public relations to protect your company’s reputation following a data breach. This coverage may be called Crisis Management.

The liability coverages afforded by a cyber policy are usually claims-made. Coverage typically applies to damages or settlements that result from covered claims as well as the cost of your defense. Note that defense costs may reduce the limit of insurance.

• Network Security and Privacy Liability - Covers claims against your firm for negligent acts, errors or omissions that result in a denial of service attack, unauthorized access, introduction of a virus, or other security breach of your computer system. Also covers claims alleging you failed to properly protect sensitive data stored on your computer system. The data may belong to customers, clients, employees or other parties.
• Electronic Media Liability - Electronic media liability insurance covers lawsuits against you for acts like libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement. Generally, these acts are covered only if they result from your publication of electronic data on the Internet.
• Regulatory Proceedings - Covers fines or penalties imposed on your firm by regulatory agencies that oversee data breach laws. Also covers the cost of hiring an attorney to assist in your response to a regulatory proceeding.2

The Bottom Line