Blog

Should You Use Professional Liability Insurance for Cyber Liability Coverage?

Using Professional Liability Insurance for Cyber Liability?

Like most businesses in today’s fast-paced digital economy, you are probably relying more and more on computers and servers as the primary means of storing important client information. Not only is this unavoidable in most businesses, it also saves time, space and effort over the paper files of yesteryear. But progress always comes at a cost. In the case of digital records, the cost for business owners involves the potential exposure to cyberattacks.

But using professional liability insurance to cover cyber liability claims can be an expensive choice. First, you erode your limits. You also create a claim against your professional liability policy. And that increases your rates.

You’ve got three choices for covering a cyber claim:

  1. Pay out of pocket.
  2. Use your professional liability policy.
  3. Use a cyber liability policy.

Quantifying the Risk of a Data Breach

According to Forbes, the average cost of a data breach is $3.86 million dollars. Why is this average so high? It comes down to the number of individuals who can be affected in a single cyberattack. Think of each personally identifiable record you have for both prospects and clients. This includes ANY record with one or more of the following:

  • Name
  • Email Address
  • Physical Address
  • Date of Birth
  • Credit Card Numbers
  • Social Security Numbers
  • Bank Account Numbers

A recent Digital Guardian report estimates the average cost of a data breach at $150 per record. This means that if you had twenty thousand records in your database the average cost of a cyber breach would be approximately $3 million dollars.

Add to that the remediation requirements. For every personally identifiable record compromised in a data breach, you are obligated by law to notify each client affected and provide ongoing credit monitoring services for every single individual at risk of identity theft. The costs of a data breach could be crippling to a small business.

Cyber liability self-assessment

Mitigating the Risk of a Data Breach

The best way to protect your business from a potential cyberattack is to create safeguards that can reduce the chances of an attack occurring. These practices should be the first-line defense of any business:

  • Strong Passwords that are updated at least annually.
  • Limiting Personally Identifiable Information (PII) to be accessible by only certain employees.
  • Updating websites and web hosting when new versions are available.
  • Updating software and computers when new versions are available.

While these measures can help prevent a cyberattack, it still makes sense to plan for large financial exposures in case prevention fails. If your systems were hacked, how would you pay for the breach?  We’ll explore 3 options to help you decide which path towards cyber protection makes the most sense for your business. 

Paying for a Breach Out of Pocket

To decide how much you need to have in reserve to self-insure for a cyberattack, one of the first questions to ask yourself is how many personally identifiable records you have. For businesses that have been around for any length of time, it would be reasonable for a database of prospects and clients to contain tens of thousands of records.

Going back to the Digital Guardian estimate of $150 per record, if you had twenty thousand records in your database the approximate cost to cover a cyber breach would be $3 million dollars. Do you have that amount of cash saved to cover a possible data breach? If not, you may need insurance to adequately protect your business.

Paying for a Breach with Professional Liability Insurance

Many professional liability insurance policies do contain some form of basic cyber liability coverage. A common practice for insurance carriers is offering additional cyber coverage to a professional liability policy in order to make the policy more attractive to a potential buyer. This option may work for you, or it may not. There are a couple of caveats to consider.

The first is that if you rely solely on a professional liability policy for your cyber protection, you are essentially overpaying for cyber insurance. Why? Because the cost of a standalone cyber liability policy is significantly less expensive than adding to a professional liability policy in most cases.

The second is that relying on professional liability insurance to cover a cyber breach puts you at risk of exhausting the available coverage on your professional liability policy. This “kicking-the-can-down-the-road” strategy puts you in danger of eroding your limits of liability.

For example, say that you have a $500,000 professional liability policy and use it to pay remediation for a cyberattack costing $450,000. This leaves you with only $50,000 in coverage for any future claims to cover exposure from malpractice, frivolous lawsuits, or simple errors that may threaten of your business.

Many firms decide that a less-expensive, standalone cyber liability policy makes more financial sense both in the short run and the long run. 

Paying for a Breach with A Standalone Cyber Liability Policy

If you have made the decision that a potential cyber liability exposure is simply too large to ignore, a standalone cyber liability policy can provide an affordable complement to your existing coverage(s). 

A cyber liability policy should match your practice and unique needs. This may include the number of records and the amount of cyber exposures you have. The policy should be able to grow with you and your business as your needs change and grow.

Specific coverages to consider as you explore cyber liability insurance policies include:

  • The cost to notify all prospects, clients and employees about a breach.
  • Extortion coverage if your data or servers have been locked by a hacker who will not return the information unless you pay them – also referred to as a ransomware attack.
  • Credit monitoring for all individuals affected.
  • Certain costs involved with the business operations being affected due to the breach or ransomware attack.
  • Certain privacy lawsuits.
  • Certain fines that may be issued by government or regulatory agencies.

Additional coverages, benefits and endorsements will typically be available depending on the type of cyber liability policy and the insurance carrier who underwrites the policy. This will allow you to customize a policy to fit your specific needs and budget requirements. 

The potential costs of a cyber breach could be catastrophic for any business. That’s why best practice is to mitigate the potential exposure of a breach through the use of a cyber liability policy. This will allow a business to affordably cover their digital exposures while also protecting professional liability policy limits for any future malpractice claims.

Cyber liability self-assessment