The shift of corporate activity online has increased demand for insurance products that protect companies’ digital assets. Cyberattacks and cyber fraud are becoming commonplace. Many jurisdictions have enacted data security and digital privacy laws. This new world has created a demand for insurance where one did not exist. In response, a quickly growing insurance market is emerging to address these risks. The details of these relatively new cyber insurance policies can be complicated, especially because there are significant differences in the protections offered by various insurers. While conventional insurance policies may provide some coverage for cyber events, cyber insurance increasingly is becoming an indispensable part of companies’ risk management strategies.
The Differences Between Cyber-Risk Insurance Policies and Other Forms of Coverage
Cyber insurance differs from other forms of insurance because it typically protects a company before, during, and after a cyber event. Cyber policies often provide preventative services such as security software, network assessment, and training to deter or prevent cyber events before they occur. Some policies even offer premium discounts if the policyholder follows certain preventative protocols, including the purchase and use of infrastructure defense products (e.g., software, physical equipment, etc.) sold by the insurer. Cyber policies also should include access to response teams to address cyber events in real time, focused on ending the attack and minimizing the loss to the policyholder.
Cyber insurance is an absolute necessity for companies that handle customers’ personal information or operate in industries in which customer information is protected by laws and regulations (e.g., law, education, healthcare, and finance). Given their close relationship to cyber events, tech-based companies also should purchase a technology errors and omissions policy that includes cyber liability coverage to protect themselves should their companies or employees be accused of any cyber malfeasance.
Common Cyber Risk Insurance Claim Issues
Events covered by cyber insurance include data breaches, malware infection, cyber extortion, ransomware, and business email compromise. State, federal, and international penalties for certain data breaches compromising health and personal information can be significant, and cyber insurance is designed to cover at least a portion of these penalties when a cyber event occurs.
Cyber insurance is not, however, a “get out of jail free” card, and policyholders must understand their obligations under the policies. These include the typical notice and cooperation duties found in other insurance policies, but cyber insurers may also deny claims for a host of reasons exclusive to cyber insurance, such as the failure to maintain specific cyber security requirements, the failure to train employees how to prevent and handle cyber events, and the payment of fines and/or ransoms without the insurers’ knowledge.
Now more than ever, as workplaces become virtual and decentralized, it is imperative that business owners protect their companies from cyberattacks and data privacy breaches by procuring cyber-risk coverage and enforcing it when a loss occurs and the insurer balks. Payne & Fears insurance coverage attorneys understand these risks and know how to enforce coverage for these kinds of losses.