In recent years the frequency of network breaches, loss of data and privacy violations has increased with the computerized maintenance of business data and customer information. Are you sure your insurance coverage would cover loss caused by power outages, hacking, data theft, accidental sharing of confidential information, and software or hardware defects?
When there is a data breach there can be a variety of losses, including the cost of recovering data, business interruption, notifying customers and paying credit monitoring, defending lawsuits by those whose data was disclosed and compliance cost with government regulations.
If you look at your current Commercial General Liability policy, you might be surprised to find that you do not have adequate coverage for cyber risk loss. Because of uncertainty in the courts, many insurers explicitly exclude coverage for electronic data loss and the loss of income caused by it.
In reviewing your policy you will find that it provides coverage for property damage for damages to your own property and liability coverage for the risk of harm to others for which you are responsible. Look at your policy’s exclusions for “property not covered”. You will probably find exclusions for “electronic data” and for “costs to replace or restore the information on value paper and records”. More than likely, if you want to protect against loss from breach of or destruction of electronic records, you will have to purchase an endorsement.
In evaluating your cyber insurance needs, you must first identify those risks that are possible for your business and the damage that would occur if that risk occurred. In making your evaluation, you must look at potential damage to your property, events that will damage your business, and the cost of government compliance requirements. You must also evaluate the risk of damage to others, and the events that could result in a claim or lawsuit against your business.
Once you have identified your risks, contact an insurance broker who is knowledgeable in different types of cyber coverage. It is important to review products from multiple companies, because unlike coverage for tangible property and liability to others, cyber coverage varies substantially among carriers. Some of the options you will probably want to consider are: 1) coverage for restoration or creation of your data; 2) coverage for the cost of notification of data breaches required by the government; 3) coverage for business lost income; 4) coverage for liability to others for privacy breaches; and 5) claims for damages to a third party’s computer system or loss of business.
Once you have identified your risks and potential policy endorsements or separate policies, compare these coverages with your most significant risks. As with any insurance policy, the best way to protect your business against loss and claims is to review your coverage with an insurance attorney and understand what coverage the policy provides before you purchase the policy and before a loss. Once a loss occurs, review with an insurance attorney what coverages are available and determine the best strategy to maximize your recovery.