Cyber Savvy: Do I Need Cyber Liability Insurance?
Download MP3Do you need to have cyber insurance or cyber liability insurance? Is this a type of coverage that is required for you or your company? Well, in most cases, there's no law that requires you to have cyber liability insurance, whether you're an individual with personal lines or a business with commercial lines coverage.
However, most insurance policies that are carried by a company or an individual have exclusions for certain cyber losses. If you're a company and your server is hacked and somebody deletes all your data, normally that's an exclusion from coverage under your general liability insurance policy. If you have somebody that infiltrates your system and creates damage for your customers, many times that's an exclusion from coverage under your E&O policy, or errors and omissions policy. Again, check your policy. We're not saying every policy is this way, but in general, you want to verify that your policy has these exclusions.
So does that mean you need to buy this coverage? Well, the first question is, what would a cyber liability policy cover? A cyber liability policy is not the same for every company. It's not the same in every state. There's no standard cyber liability insurance policy. There are many different types. In fact, most cyber insurance policies are considered what's called surplus lines policies, meaning that there's no standard form filed with the state. Each policy is set up with terms and conditions by the insurance company that writes it.
You want to look at any policy you purchase and make sure the coverage is what you want. In fact, you probably want to verify that if you want certain coverages, the agent confirms in writing that your particular cyber policy has those coverages because they are all different from one another.
Now, a lot of businesses think that they need to get one only if they're in the technical or computer industry, but most companies are now very computer dependent. You probably have a customer management system. You may have platforms you use to integrate with your suppliers or your customers. You may have an e-commerce system that bills your clients or customers. Many times, your internal software, your payroll, and your manufacturing systems are all part of different programs that run your business. That's all technical. That's all cyber. If it's connected to the internet, it's possible that a bad actor, a hacker, or a cybercriminal can attack it, and if it does damage, you may or may not have coverage.
In addition, you want to determine whether or not you need to have coverage for third parties or from third parties. If you're a company that relies on a supplier and that supplier has a computer problem, whether or not it's a cyber attack, ransomware, or their system goes down, would that affect your business? What if you can't buy your supplies from that company for 30 days while they fix their system? Do you have coverage for that third party? Not every policy covers that.
What about if your system gets hacked and it affects your customers? Maybe their information will be released. You want to make sure that if you want this, your coverage will extend to that. Not every policy does.
So, while there's no law that says in most cases you need to have cyber liability, many times licensing for certain industries or your contracts might specify that you have proper coverage. It may not specify cyber coverage, but it may require you to have proper coverage for you, your clients, and your customers.
Work with a good agent. Make sure that your insurance agent or broker gives you a breakdown of what you currently have coverage for, where you may have gaps, whether or not cyber liability insurance would be valuable for your business, and what you would have to do to qualify. Not every business would qualify for it. You may have to put some policies in place to protect your system first before you're eligible for cyber coverage.