Does General Liability Cover Cyber Attacks?
Cyber insurance is still relatively new. Many businesses wonder if they really need it, what it will cover and whether coverage will be enough to save their hides in the event of a major hack.
Isn’t a general liability policy enough? Not usually. Many plans specifically exclude coverage for cyber-attacks. If the policy is old, it might be more inclusive as the language for cyber-attacks might not have been known when it was designed. Business owners need to protect themselves by reading their policies closely and clearing up any questions with their insurance agent.
What Does Cyber Insurance Cover?
The more businesses depend on electronic data, the harder those assets are proving to protect. The insurance market has swooped in to protect businesses from internet-related risks such as hacking, viruses, data breaches and data recovery. Depending on the policy, areas of protection may include:
| Liability for website copyright infringement | |
| Periodic web security reviews to mitigate risks | |
| Reimbursement for hiring additional staff, filing fees and other costs of recovery from cyber attacks | |
| Business interruption protection, especially for small businesses | |
| Legal fees and legal aid, in case a data breach leads to legal action against a company | |
| Public relations help after a breach or other incident | |
| Customer credit monitoring services | |
| Criminal reward funds for ransom-ware attacks |
Who Provides Cyber Coverage?
Most major insurers now offer cyber insurance. A carrier may include cyber liability insurance in a business owner’s policy or offer it as an add-on.
While cyber insurance can mitigate the damage of cyber crime, breaches can still be costly enough to put a company out of business. The category of “cyber threats” is so broad that it’s impossible to thoroughly insure a business against them. Businesses need to prioritize their most crucial digital assets, and focus on insuring those. Companies should thoroughly understand their specific risk factors, based on industry regulations, number of online transactions, value of intellectual property and vulnerability to lawsuits.
This new type of insurance has a long way to go, and many gray areas. For example, insurers debate whether or not state-sponsored cyber crimes are covered, such as Russia’s alleged hack of the Democratic National Committee. Cyber security insurance is also weak on protecting intellectual property and self-inflicted attacks.
Who Needs Coverage?
According to a 2015 Market Watch story, the current market for cyber insurance policies is estimated at two billion dollars. And it’s growing. The frequent, well-publicized cyber-crimes on American businesses result in a surges for insurers. Businesses of all sizes are at risk.
While large businesses make for the juiciest victims, small businesses aren’t safe either. Almost a third of cyber-attacks target small businesses, according to Market Watch. Small businesses are especially vulnerable to bankruptcy following a cyber-attack. With fewer employees to handle the aftermath, and often very small margins to ride out business interruption, an attack could easily decimate a small business.
Any business that handles confidential digital property from consumers is most at risk. Hospitals and other healthcare providers face staggering HIPAA fines if an attack knocks them out of compliance. Banks and other financial institutions obviously cannot afford security breaches.
The more business a company transacts online, and the more sensitive client records stored, the more protection is needed against cyber-criminals.
Cyber Crime in Texas
Even the great state of Texas is not safe from cyber-attack. According to a 2016 Dallas Morning News survey, one-third of North Texas companies claimed to have been hacked in the past two years. Now 42 percent of North Texas companies say they have cyber insurance.
In 2013, stealthy hackers dipped into Neiman Marcus’ credit card payment system. Despite setting off thousands of alerts in their network monitoring system, the breach went undetected for a solid eight months. Finally, Neiman Marcus’ credit card processing company noticed the suspicious charges. The retail giant responded by creating a new chief information security officer position.
The North East Independent School District in San Antonio suffered ransomware attacks on twenty of its campuses. Ransomware holds data hostage and the use of these attacks are on the rise in 2016. Hackers demand a fee for its safe return. The San Antonio school district got lucky, and managed to retrieve its data without paying a fee. No sensitive student data was compromised – at least, as far as they know or are admitting.
| Major Dallas Retailers Breached | Sally Beauty Supply, Neiman Marcus, Dave and Buster’s and Michaels Stores Inc. as of 2017 |