Cyber Insurance: What It Does and Does NOT Cover

Cyber Insurance

As a provider of managed IT services and cyber security to Miami area businesses, Internos often advises clients on their cyber insurance needs as part of their overall cyber security. We do not provide policies or have any relationships with insurers. 

You know you need cyber insurance because of the flood of hacks and data breaches surfacing almost on a daily basis. But in addition to knowing what your policy covers, it’s equally important to know what it will not cover.

For example, will it cover your losses during your downtime? What about fines incurred because of compliance gaps? Some insurance specifically rules out fines incurred by PCI gaps. 

Then there are software updates, new hardware, property damage (e.g.,  a shipment of perishables perishes during the downtime) and bodily damage.

All too often, businesses are only aware of the bullet points of their cyber insurance coverage. Unless some things are specifically spelled out in your contract with your insurance company, you might get an unwanted surprise after a data breach. For instance, did you know there are actually two kinds of cyber insurance?

Types of Cyber Insurance

It’s possible to have a homeowners policy that includes liability, hurricane coverage and flood insurance—but that’s not always the case. Cyber insurance is similar. Don’t make assumptions. Know which types of cyber insurance coverage are in your policy. Here are the three main categories:

Network Security Insurance

Sometimes called data breach insurance, network security insurance is first-party coverage of the direct costs associated with the breach. This may include the costs of:

  • Hardware or software repair or replacement.
  • IT investigations.
  • Restoring data.
  • Notifying your customers.
  • Setting up a call center. 
  • Offering credit monitoring to those impacted.  

Negotiation and payment of a ransomware demand may also be included, depending on the policy. 

>>Know what to do in a ransomware attack with this free checklist

Cyber Liability Insurance

Also called privacy liability coverage,  a cyber liability policy is what you’ll need if someone impacted by the breach decides to sue. It offers third-party coverage of attorney fees, settlements or judgements and possibly regulatory fines. 

Cyber Crime Costs

This category of insurance deals with losses as a direct result of cyber crime, such as if a hacker stole funds from your business account. It also covers losses due to fraud, such as when an employee is duped by social engineering into changing a payment address on an account, diverting funds directly to a malicious actor.

Your Cyber Insurance Checklist

Your cyber insurance needs may be very different from other companies. Whether you are purchasing a new policy or dusting off an existing one, make sure you know where you stand on the following coverage areas:

  • Business Interruption: Coverage for costs incurred due to business interruption as a result of a cyber event, such as the inability to provide services for a period of time when you’re unable to access your systems or data—whether the cause is a cyber crime or simply human error.
  • Cyber Extortion: Coverage for types of cyber extortion like ransomware. This can include the cost of hiring a negotiator and investigators and even the ransom payment. 
  • Social Engineering: Coverage for losses due to employees being tricked into taking actions that either direct money to criminals or allow cyber criminals into a network to act for themselves.

>>Don’t take the bait! Download our Phishing Prevention Cheat Sheet

  • Reputation Harm: Damage to your brand, reputation or business due to a security breach. It is usually limited to a certain period of time after an event and may include the costs of implementing a PR agency’s recommendations (if not the agency fees themselves).
  • Forensic Expenses: Costs associated with investigating, isolating and eliminating a threat. 
  • Legal Expenses: Lawsuit defense and settlement costs as a result of a data breach. 
  • Regulatory Expenses: Fines and penalties levied if regulators determine that your business failed to adequately protect sensitive consumer data.
  • Notification Expenses: Costs related to notifying clients that their data might have been compromised in a data breach. It may include the cost of setting up a call center or to field client concerns.
  • Credit Monitoring and ID Theft Repair: Costs for your business to set up these services for impacted customers. 

No matter how good your cyber insurance is, you never want to use it. Having a proactive and complete cyber security plan is best for your business’s reputation, continuity and growth. Need help? Contact us or book a meeting today.

Jairo Avila

Jairo is the CSO of Internos Group and a partner. As senior client manager, Jairo connects our clients’ needs to our IT services so that it all flows together. With more than 23 years of experience in the IT industry, Jairo plays an essential role helping our clients develop a technology strategy and working with the Internos team to make sure everyone can breathe a little easier.

Use our Managed Service Provider Checklist to Find the Right

Our easy-to-follow checklist can guide you through the process of the best IT services provider for your business.

Are you a first-timer to IT support? Maybe you aren’t happy with your current MSP? This checklist will help you help you outline and define:

  • Your business goals for the next few years
  • The stats that potential MSPs will need to work out a plan for your company
  • The risk areas in your backup and cyber security practices
  • What you expect from your IT provider
  • And more!