Cyber-Insurance Basics

Cyber-insurance is a broad term that refers to insurance protection from risks related to a business’s information technology systems, particularly with regard to its data and internet exposure. Common examples include a data breach in which personally identifiable information is exposed or a cyber-attack in which a company’s network is disabled.

Cyber-attacks and other security incidents involving personally identifiable information are increasing. A survey by Price Waterhouse Coopers found that “the number of detected information security incidents has risen 66% year over year since 2009.”

Businesses that collect or maintain personally identifiable information (data that could identify a specific person), as well as those that would be harmed by a network failure, should have some type of cyber coverage. Businesses that process credit card transactions should also consider obtaining cyber-insurance coverage.

Cyber-insurance can provide first-party and third-party coverage. First-party coverage provides direct protection for the insured for losses incurred. Examples of first-party coverages would include:
– The cost of notifying customers after a breach
– Legal costs involved with regulatory compliance after a breach
– Business interruption costs
– Data restoration costs

Third-party coverage protects the insured by agreeing to indemnify a third party in the event of a liability loss (liability coverage). Examples would include:
– Legal settlements related to the release of customer data
– Legal defense costs
– Government fines

Recommendations for purchasing cyber-insurance coverage:

1. Evaluate the risks your business faces and purchase the coverage that’s appropriate to cover those risks. For example, if your company maintains personally identifiable information, consider obtaining network security or enterprise privacy liability coverage to provide protection in the event of a data breach. If your company would suffer a loss in the event of a system failure due to a network attack, consider purchasing network interruption, business income and extra expense coverage.

2. Obtain coverage for retroactive events. Many policies provide coverage for claims that “occur” during the policy period. Policies can also be written to provide coverage for claims that are made during a policy period even if they occurred prior to the inception of the policy. This is important for cyber coverage because breaches may go undetected for a long period of time.

3. Understand what you’re covered for. Unlike many other lines of business, cyber-insurance policies are not standardized. A policy from one company may have coverages and exclusions that are completely different from a policy issued by another company.

Rick Braile

Directors and Officers Insurance

Directors and officers insurance (D&O) provides liability coverage for directors and officers of organizations, including businesses, non-profit and government entities. It provides a level of protection for individuals who serve in fiduciary roles as directors or officers, allowing organizations to attract talented people to serve in those roles without incurring the risk of personal financial loss.

When considering whether or not to serve on a board, it’s recommended that people make sure that D&O coverage is in place. As a director or an officer of an organization, you are responsible for making decisions that are in the best interests of the organization, and with that responsibility comes the risk of negligence. Examples may include libel or slander claims that can arise when condominium board members speak in anger, or board members of a local yacht club facing legal action if members deem that funds have been spent improperly.

If you’re considering serving on the board of an organization, make sure that it has a D&O policy in place. If you’re already involved with one and are looking to provide protection for your existing members and attract talented people, it’s a good idea to purchase a D&O policy.