Why standalone cyber protection policies are superior to general liability endorsements

The worst time to discover an insurance policy doesn’t cover a specific incident is when you file a claim expecting a payout.

Many homeowners thought their property policy would cover flood damage from a heavy rainstorm before learning they needed a separate flood policy.

Workers have filed claims for disability insurance benefits only to be told that being physically able to work in another job voids their claim.

Several businesses have learned too late that their general liability insurance does not cover the costs of a cyber attack.

Unless hackers have damaged physical assets such as computers or servers, traditional business insurance does not cover cyber attacks. That’s because a company’s data or network are not considered physical assets covered by property insurance.

With the growing incidence of cyber attacks on large and small businesses, commercial insurance carriers have added cybersecurity endorsements and riders on general liability policies.

This option appeals to many small business owners because it’s much less expensive than a standalone cybersecurity policy. Endorsements and riders also do not require underwriting, whereas a standalone policy typically does.

But as the old saying goes, you get what you pay for.

Endorsements and riders for cyber coverage often have exclusions and limitations, which include:

•     Little to no coverage for ransomware. In this type of cyber attack, a hacker plants malware on their target’s network, often by using a phishing message. This malware encrypts all of the victim’s files, leaving them unable to access any information stored on their network. The hackers hold the information ransom and demand a payment. If the payment is made, the hacker may restore network access.

•     Coverage limits. An endorsement may have a $50,000 aggregate limit for primary coverage. Many also have separate limits on specific costs of a cyber attack, such as forensic review of IT systems, legal services, regulatory fines and other costs. These separate limits could be as low as $5,000, which would evaporate quickly in the event of a typical cyber attack.

•     The most recent annual study of data breaches by The Ponemon Institute showed the average total cost of a data breach is $4.24 million. Even for small businesses, the cost of recovering from a cyber attack is almost $700,000 on average.

•     Exclusion for unencrypted data and social engineering. Most endorsements for cyber attacks will not pay on a claim if the hack resulted from transmission of unencrypted data.

•     Exclusion or coverage limit for social engineering. An attack that used social engineering to gain access will also not be covered by most general liability endorsements. Social engineering is the act of manipulating people to make actions or reveal confidential information. If social engineering is covered, the cap on benefits is typically limited to an amount far less than the average damages of a social engineering attack.

Another advantage of standalone cyber protection is many providers, including those used by ProDefender, provide assistance with the response to a cyber attack. General liability endorsements and riders do not typically provide this servce to policyholders.

These Cyber Breach Response Teams provide expert legal services and technical support designed to assist policyholders who have identified a data security breach. The teams work closely with a policyholder's management team, in-house and outside cyber-security experts, law enforcement and government regulators to accomplish compliant and timely public reporting as required.

Not responding properly could affect your reputation, do damage to your bottom line, and cause fines by consumer protection agencies.


Get A Quote

2289 Rate this article:
No rating

Theme picker