Have you suffered a security breach? As security pros put it, “you have either been security breached or you just don’t yet know it”. With the increasing use of digital technology, more and more information is exchanged in cyberspace. Much of that information is personal data, and its storage, transfer, and exchange are governed by many rules and regulations. In the case of a security breach, such as the one that happened to LinkedIn, the business that holds the data is held liable.
What is cyber liability insurance?
Cyber liability insurance cover (CLIC) has been available on the market since about 2006. CLIC policies cover a business’s liability for a data breach in which the firm’s customers’ personal information, such as Social Security or credit card numbers, is exposed or stolen by a hacker or other criminal who has gained access to the firm’s electronic network. This insurance lets a business mitigate the risks related to security breaches by transferring the risk (quantified in financial value), that is, by insuring against it. Such risks are primarily related to the mandatory data breach requirements in most countries (Canada, US, EU): if you have been breached, you must notify your clients, and the costs of notification can be very high (including loss of revenue, lawsuits, etc.).
Such costs force many business owners to consider CLIC among the other risk management tools – flood, fire, theft insurance. Cyber insurance cover is enormously beneficial in the event of a large-scale security incident, as it provides a funding mechanism to recover from major losses, helping businesses return to normal operations.
What CLIC covers
Presently, CLIC can include:
- Data breach/privacy crisis management cover (expenses related to the management of an incident, the investigation, the remediation, data subject notification, call management, credit checking for data subjects, legal costs, court attendance and regulatory fines)
- Multimedia/Media liability cover (third-party damages, like defacement of website and intellectual property rights infringement)
- Extortion liability cover (losses due to a threat of extortion, professional fees related to dealing with the extortion)
- Network security liability (third-party damages as a result of denial of access, costs related to data on third-party suppliers, costs related to the theft of data on third-party systems).
Apart from that, cyber liability cover can include expenses related to mitigating data breach risks, such as security audit costs (Commit100 has done such audits for its clients).
Who needs cyber liability insurance?
All businesses carry confidential client information; however, there are different classes of such information. For example, breaches involving data such as credit card information, medical information, or social insurance numbers carry higher risk than breaches involving only names and addresses. In Ontario, for instance, the Personal Health Information Protection Act (PHIPA) places very stringent requirements on the handling of individuals’ health information.