So do you need to have cyber liability insurance? Is this a type of insurance coverage that is required for you or your company? Well, in most cases, there’s no law that requires you to have cyber liability insurance whether you’re an individual or a business. However, most insurance policies that are carried out by a company or an individual have exclusions for certain cyber losses.
If you’re a company and your server is hacked and somebody deletes all your data, normally that’s an exclusion from coverage under your general liability insurance policy. If a bad actor infiltrates your system and creates damage for your customers, many times that’s also an exclusion from coverage under your errors and omissions (E&O) policy. Check your policy to be certain, we’re not saying every policy is this way but in general, you want to verify that your policy has these exclusions. So does that mean you need to buy cyber liability insurance? Well, the first question is what would a cyber liability policy cover?
A cyber liability policy is not the same for every company and it’s not the same in every state. There’s no standard cyber liability insurance policy, there are many different types. In fact, most cyber insurance policies are considered surplus lines policies meaning that there’s no standard form filed with the state, each policy’s terms and conditions are set by the insurance company that writes it. When looking for a cyber liability policy, you want to make sure the coverages are what you want. In fact, you probably want to verify if you want certain coverages that the agent confirms in writing that your particular cyber policy has those coverages because they are all different from one another.
There are a lot of businesses that think that they need to get one only if they’re in the technology industry or computer industry. But most companies now are very computer dependent. You probably have a customer management system, and platforms you use to integrate with your suppliers or your customers. You may have an e-commerce system that bills your clients or customers. Many times your internal software, payroll, and manufacturing systems are all on different programs that run your business. That’s all technology, that’s all cyber. If it’s connected to the internet, it’s possible that a bad actor can attack. And if it does damage, you may or may not have coverage.
Additionally, you want to determine whether or not you need to have coverage for third parties. If you’re a company that relies on a supplier and that supplier has a computer problem where their system goes down, would that affect your business? What if you can’t buy your supplies from them for 30 days while they fix their system? Do you have coverage for that third party? Not every policy covers that. What about if your system gets hacked and it affects your customers? Maybe their information is released. You want to make sure that if you want this your coverage would extend to that because not every policy does.
So while there’s no law that requires cyber liability insurance, in most cases you should have it anyway. Many times licensing for certain industries or your contracts might specify that you have proper coverage. It may not specify cyber coverage, but it may require you to have proper coverage for yourself, your clients, and your customers. So work with a good agent and make sure that your insurance agent or broker gives you a breakdown of what you currently have coverage for, where you may have gaps, and whether or not cyber liability insurance would be valuable for your business and what you would have to do to qualify. Not every business will qualify for it, you may have to put some policies in place to protect your system first before you’re eligible for cyber coverage.