Imagine for a moment that your company has come under attack by a skilled hacker. The hacker has accessed your customers' names and contact information--and worse--your employees' social security numbers. On top of that, your website is disabled so that you can't take orders or collect the payments you need to stay in business.
Wouldn't it be nice to have cyber liability insurance right about now?
Insurance that protects you in case of a cyber attack may seem like something only large corporations would ever need, or could ever afford. But believe it or not, cyber liability insurance makes lots of sense for small companies as well. Here's why:
1. It's more affordable than you think.
"I've seen policies with premiums as low as $2,000 a year, though it can go up from there," says Ethan Miller, partner at the San Francisco law firm Hogan Lovells. You can get coverage as high as $30 million and deductibles as low as $10,000, depending on your needs and what you're willing to pay. Cyber liability insurance is still a fairly new concept, so there's a lot of variation among policies, and a lot of room for negotiation.
2. It can cover more than you think.
Many policies offer "first party" coverage--that is, they will pay you for things like business interruption, the cost of notifying customers of a breach, and even the expense of hiring a public relations firm to repair any damage done to your image as a result of a cyber attack. Having this cash available in the event of a crippling hack can keep the lights on till you're able to resume your normal cash flow. A good policy can even cover any regulatory fines or penalties you might incur because of a data breach.
Business interruption coverage can be especially important for a small business, Miller says, which may not be as diversified as a larger one, or have the same financial resources. "If a larger company has one line of business shut down by a data breach, it may be able to depend on its other lines for revenue. A smaller company may only have one line of business."
3. You probably don't have a risk management team.
Big corporations have entire departments devoted to analyzing the risks the company could face and helping set policies and procedures to protect against them. You don't--but a good insurance carrier can perform a similar function.
"There are a couple of ways insurance can bridge that gap," Miller says. "An insurer might work with a small company to make sure a firewall is in place to protect your network, and make sure you have social media policies that reduce risk." Your insurer may well be willing to help with these areas because the better protected you are, the less likely you are to have a breach that could result in a claim.
4. Even if you don't host your data yourself, you're still responsible.
Is your website and any of your data hosted or stored in the cloud? Take a good look at your contracts: You're still legally responsible. "There's a significant risk," says Karen L. Stevenson, senior counsel at Buchalter Nemer, a law firm with offices in California and Arizona. You can't fully control how a cloud provider handles your data but an insurance policy can protect you if your cloud provider screws up.
5. Your general policy won't cover you.
Typically, a general liability policy specifically excludes losses incurred because of the Internet, Miller says. So a good cyber liability policy can pick up where your general policy leaves off.
Make sure your cyber policy covers laptops and mobile devices as well, to give yourself coverage in as many situations as you can. "Work with your broker to integrate cyber liability with your general policy and employment liability policy," Miller advises. "You want to give yourself the most seamless coverage possible."