In recent years, as technology has improved, cyberattacks have become more of a risk for small and large businesses. According to the 2019 Bank of America Merchant Services’ Small Business Payments Spotlight report, 41% of small businesses pay more than $50,000 to resolve issues related to data breaches. Nearly 30% of consumers surveyed said they will never return to a small business that has faced a data breach. In a recent example, Florida-based IT firm Kaseya was the victim of a ransomware attack that impacted an estimated 1,500 businesses worldwide in July 2021. Hackers harmed local dental offices, froze registers at several supermarkets in Sweden, and prevented children from going online in school in New Zealand. There is no public information as to whether or not Kaseya had cyber liability insurance; however, if the company did, it would have lessened the liability of all people affected by the ransomware attack.

Alternate name: cybersecurity insurance

How Cyber Liability Insurance Works

When a business experiences a data breach or cyberattack, financial institutions typically cover the charges they believe to be fraudulent. However, banks and credit unions do not cover the responsibility of the business, which often includes crisis management with clients or people impacted. That’s where cyber liability insurance comes in. Traditional or general liability and property insurance policies tend to directly exclude cyber risks from their terms. As a result, more companies have begun offering stand-alone cybersecurity insurance. Cyber liability insurance covers a wide range of cyber-related losses, both to the company itself and other individuals or companies impacted by the attack. Events and items included in coverage are:

Data destruction or theft Extortion demands Hacking Denial of service attacks Crisis management activity related to data breaches Legal claims for defamation, fraud, or privacy violations Liability and defense costs

The cost of cybersecurity insurance will also vary. It depends on several factors, including the industry your business is in, the size of your business, and the amount of coverage you wish to secure. Most insurance companies that offer this type of coverage have limits ranging from $100,000 to $5 million per event. According to Jeff Weaver, assistant vice president of management liability insurance at Selective Insurance, business owners should inquire about third-party coverage, which will protect the business  in the event a business owner is faced with a lawsuit as a result of allegedly failing to secure or disclose an incident. When a company experiences a data breach or cyberattack, it is obligated to notify customers within a specific timeframe. It is also responsible for filing documents with the necessary state officials. Failure to do so may result in fines or in some cases, lawsuits, from people impacted by the breach. If and when a business experiences any type of cyberattack and it is insured, it should call its insurance carrier, report the incident, then begin the process of recovering the damage. The process is similar to that of any other type of insurance.