By Alexander J. Domino,  AAI
Domino Insurance Agency

Concept for loss of corporate secrets through insecure data storageMost manufacturers today rely on some sort of network system to run their day to day business, which varies from using email applications to shop floor automation. Interruption of these systems or compromised data can be costly to remedy and affects future revenues. Secure infrastructures and policies are typically established to prevent breaches, however it’s difficult to guarantee 100% protection, as seen in the cases of Sony, Home Depot, and Target. Systems and data are an asset, so it’s important to insure against costs of future damages just as you would a home or car.

There are basically two types of cyber liability coverage. First-party coverage insures your own company and systems. Third-party limits provide coverage when a cyber situation affects others, such as employees,
clients, or vendors.

First-party coverage focuses on systems and data. Common expenses include:

  • loss of digital assets (eg. cost of repairing systems, reconstruction of data)
  • business interruption expenses to remedy the situation
  • loss of income while systems are down
  • customer notification and credit monitoring
  • forensic investigation
  • public relations

Third-party coverage focuses on security and privacy. Common expenses include:

  • Legal defense for loss of confidential information (including employees and others)
  • Settlements and damages related to use of electronic media
  • Regulatory fines and penalties
  • Crisis services

A cyber liability policy may also include sub-limits for cyber terrorism (groups like anonymous are being considered cyber terrorist by some countries) and cyber extortion (hacker who locks a network and demands ransom). While cyber terrorism situations are less common, cyber extortions are on the rise, small businesses are targets for this type of crime because they are less secure.

The policy costs are dependent on many factors, including the extent of your network security and risk management plan. The broker will negotiate the best rate with the insurance carrier considering aspects such as: 1) doing business outside of the U.S., 2) use of remote access and mobile devices, 3) established cybersecurity risk management plan, 4) business continuity plan, 5) security protocols and physical controls, and 6) type of stored data, as well as others. A broker can be an extension of your risk management team in helping you develop plans for prevention which in turn affords a better policy rate.