Cyber Insurance: Protecting your Business from Rising Digital Threats

February 26, 2024
By Cornerstone Staff

In the last year, cyber criminals delivered a wave of cyber-attacks that were highly coordinated and far more advanced than ever before. Simple endpoint attacks became complex, multi-stage operations. Ransomware attacks hit small businesses and huge corporations in equal measure. It was a year of massive data leaks, expensive ransomware payouts, and a larger, more complicated threat landscape. Cyber criminals have upped their game in a big way.

Cyber attacks have become the new norm across public & private sectors. This sketchy industry continues to grow and IoT cyber-attacks alone are expected to double this year. The Internet of Things (IoT) describes the network of physical objects that are embedded with software, sensors, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet. IoT is not just computers and cell phones anymore: security systems, cars, Echo, Fitbit, Airtag, watches, thermostats, lights, TV’s, smart appliances and more… anything connected to the internet could be a potential entry point for a creative and determined hacker.

According to the Identity Theft Resource Center (ITRC), nearly three-quarters of US small business owners reported a cyber-attack last year, with employee and customer data most likely to be targeted in data breaches. A cyber attack on average costs businesses of all sizes $200,000. This high cost leads to roughly 60% of small businesses folding within 6 months of a cyberattack. For companies that can weather the storm, the costs associated with a cyber-attack typically stretch out 3 years or more.

Cybercriminals use advanced ransomware tacƟcs, AI, and deepfakes to improve their targetng capabilities. The introduction of generative AI is a huge problem for businesses. AI tools will help cyber criminals develop extremely convincing emails and telephone calls to evade detection of their social engineering campaigns making employees particularly susceptible.

The human element is the weakest link in cybersecurity, but it is also the most important. Small business owners are so busy that they often don’t take the necessary time to closely train, educate or supervise their employees. That leads to employee negligence which can leave businesses vulnerable to cyber-attacks. In fact, the vast majority of cybersecurity breaches are due to human error with the attack typically beginning as a phishing email sent to an unsuspecting employee.

Whether you are a large global company, a startup, or anywhere in-between, you face cyber risk simply because you use technology to do business. As technology becomes more complex, so does the cyber threat landscape. Every business needs to have an appropriate level of cyber liability insurance and an effective cyber security plan.

The cost of cyber insurance is typically based on annual revenue, claims history, number of clients, number of records, type of data & sensitive information stored.

Cyber insurance can help protect your business against losses resulting from a cyber-attack. Make sure coverage includes the following:

• Data breaches (incidents involving theft of personal information).
• Cyber attacks (breaches of your network).
• Cyber attacks on your data held by vendors or other third-parties.
• Cyber attacks that occur anywhere in the world (not just the US).
• Breach Hotline that’s available every day of the year, 24 hours a day.
• “Duty to defend” wording (defend you in a lawsuit or regulatory investigation)

If you feel safe because you bought an endorsement to your E&O policy that provides some cyber or tech coverage, you need to read and fully understand the coverage. Endorsed E&O policies typically provide limited third-party coverage, and you may be very disappointed to find that your policy does not provide any first-party coverage when you file a claim.

First-party liability coverage typically protects your data including employee and customer information. This coverage includes costs related to:

• Legal counsel to determine your notification and regulatory obligations
• Recovery and replacement of lost or stolen data
• Customer notification & call center services
• Lost income due to business interruption
• Crisis management and public relations
• Cyber extortion & fraud
• Forensic services to investigate the breach

Third-party liability coverage generally protects you from liability if a third-party brings claims or lawsuits against you. This coverage typically includes:

• Payments to consumers affected by the breach
• Costs for litigation and responding to regulatory inquiries
• Claims and settlement expenses related to disputes or lawsuits
• Losses related to defamation and copyright or trademark infringement
• Accounting costs
• Other settlements, damages, and judgments

An oversimplified example using something we all know is auto insurance. Whenever you drive your car, you are under one of the following scenarios for an at fault accident: no insurance, liability only, or full coverage.

1) No Insurance: You are paid nothing and the person you hit is paid nothing. You suffer out of pocket costs for everything.
2) Liability Only (for example – an older, high mileage, low value car):
Your insurance pays the person you hit for their injuries and damages, BUT you suffer out of pocket costs
for all your injuries and damages. This is an example of third-party liability coverage.
3) Full Coverage (for example – a nice, well-maintained car with value):
Your insurance pays the person you hit for their injuries & damages, AND your insurance pays for your
injuries and damages. This is an example of third-party liability PLUS first-party liability coverage.

When it comes to protection from costs associated with cyber-attacks, your business is operating under one of the same 3 scenarios… completely uninsured, liability only, or full coverage. What type of “car” are you driving when it comes to your cyber coverage?

Connect with one of our Insurance Experts to discuss your company’s appropriate cyber coverage amount and an effective cyber security plan.


Cornerstone Staff

| Cornerstone
Free Yourself from the Burden of Licensing