Data Breach vs. Cyber Liability Insurance: Is there a Difference?
If you’ve ever looked into protecting your business from cyberattacks, you have probably heard the terms data breach insurance and cyber liability insurance. Since they are often used interchangeably, many tend to confuse the two.
Is there actually a difference? Yes. Simply put, cyber liability insurance covers monetary losses from a breach AND provides legal protection. Data breach insurance only protects your financial interest.
Let’s take a deeper look at each type of coverage to get a clear understanding of the differences between the two. We’ll also discuss what you should consider when looking for protection against a cyberattack.
Cyber Liability Insurance
Cyber liability insurance is designed to give the most comprehensive coverage to businesses that have fallen victim to a cyberattack. It is usually a stand-alone policy consisting of both first-party and third-party coverages:
First-party coverages will pay for the losses related to the breach of your network (e.g., data destruction, extortion, online theft, and hacking). First-party coverages include:
- Investigation costs
- Costs to repair damaged or lost equipment
- Lost revenue
- Notification costs
- Credit monitoring and/or lost profits
Third-party coverages provide protection from lawsuits against you related to a cyberattack. They cover the costs related to claims brought against you, such as:
- Attorney fees
- Settlements and/or judgments
- Any regulatory fines incurred
If a breach were to occur and your clients’ information were exposed, cyber liability insurance would cover costs arising from accusations that your business failed to protect company data.
Data Breach Insurance
Data breach insurance only offers first-party coverages for losses related to a data breach, hack, or theft of company documents. The policies generally cover expenses associated with informing parties affected by a breach to minimize the damage. This includes offering affected parties access to things like assistance hotlines and credit monitoring.
If your business already has an Errors & Omissions (E&O) policy in place, you probably already have some type of data breach coverage included. Every state now has data breach notification laws, so most businesses need some type of coverage, and it is common for an E&O policy to include a type of data breach coverage. Which coverages are provided will depend on the policy and carrier. Read more about why using professional liability insurance to cover cyber liability claims can be an expensive choice.
What Are Data Breach Notification Laws?
California passed a Notice of Security Breach Act in 2003. This act requires that any company that stores the personal information of Californians, and experiences a data breach, must disclose the details of the event.
In March 2018, the first cybersecurity legislation was passed in New York, requiring financial businesses to follow a list of requirements such as conducting regular risk assessments and appointing Chief Information Security Officers.
As of September 2018, all 50 states have followed California’s lead and are now requiring the notification of individuals if their personally identifiable information was a part of a security breach. Businesses are urged to take proactive measures to keep not only their own companies safe, but to keep their clients, and their personal information, safe as well. New regulations are constantly being put in place to assist businesses in protecting their systems from an inevitable cyberattack.
According to a Cybersecurity Ventures 2019 Annual Cybercrime Report, global ransomware damage costs were predicted to exceed $5 billion in 2017, up more than 15X from 2015. Ransomware damages are now predicted to cost the world $11.5 billion in 2019, and $20 billion in 2021. As the problem grows, more states are implementing laws and regulations to help businesses stay safe.
What Is Right for Your Business?
Businesses that don’t necessarily store data on their own networks but can still be held responsible for the work they do would benefit most from data breach insurance. Professionals such as tech consultants, independent contractors and web developers are examples of professions that could be blamed for negligence, an oversight, or a mistake based on the work that was performed, and could easily be held responsible for a data breach.
Cyber liability insurance offers broader coverage, so it is more suitable for businesses that store personally identifiable information (PII). Businesses such as law firms, hospitals, retail stores, health care professionals, and financial services firms that store information about their customers or employees will want both first-party and third-party coverages.
Data breach insurance only covers a fraction of what a stand-alone cyber liability policy can. Whether data breach insurance or a more robust cyber liability policy is the right fit for your company will depend on your business and the type of industry you work in.
Getting the Right Protection
Cybercrime has become one of the fastest-growing concerns in the world. According to the 2019 Cybersecurity Ventures report, businesses will fall victim to a ransomware attack every 11 seconds by 2021. And between 2014 and 2018, the share of organizations victimized by one or more successful cyberattacks climbed from 62 to 77 percent, while optimism for dodging a successful cyberattack in 2019 dropped from 62 to 38 percent.
Businesses need to not only be aware of this looming threat – they must also take action. Protecting your business starts with understanding your current exposures and coverage.
First, take the time to quantify your risk. What type of information does your business store and how valuable is it?
Second, reach out to your insurance agent to discuss how you are currently covered, and if cyber liability or data breach insurance is the right fit for you. A good insurance agent will take the time to help you evaluate what you need.