This risk transfer tool is critical for small and large companies alike.
I have been writing about commercial insurance for dietary supplement and nutraceutical companies for years; almost all of it related to product liability or similar topics such as product recall insurance. This article will examine a topic for the ages, which goes by several names within the insurance industry: cyber liability, cyber risk, data breach, network security and technology, among others. For this article let’s stick with cyber liability.
Even this term “cyber liability” is somewhat misleading in terms of the coverage that can be provided. The implication is that it is like a general liability or product liability policy, which covers your legal liability to others for products or services you provide to customers (so-called third party liability). A cyber liability policy will do that as it relates to cyber services or exposures that involve your customers, employees or the public at large. However, a cyber liability policy can also cover your own financial loss due to a breach of security involving just your company, for example, loss of profits due to a security breach (so-called first party insurance).
All companies, large and small, currently lacking this insurance should consider it. Larger companies probably have already done this and purchased some level of protection, as many of them have risk management people who are constantly assessing levels of risk, and/or astute CFOs who have acted on this kind of insurance. Smaller companies, though, often do not have these tools, and thus the focus of this article will be on the protection offered to smaller companies and the steps needed to implement a policy. So let’s look at an overview of the coverage and coverage options.
First-Party Insurance Coverage
- Legal and forensic services to determine whether a breach occurred and assist with regulatory compliance.
- Written notification of affected customers and employees, including costs such as letter preparation and mailing.
- Customer credit monitoring, as well as monitoring of other public records.
- Crisis management/public relations assistance to help maintain your reputation.
- Business interruption expenses including loss of profits, plus extraordinary expenses such as use of third-party services, in order to mitigate a covered claim.
Third-Party Insurance Coverage
- Settlements or civil awards you are legally obligated to pay after a data breach.
- Electronic media liability, including infringement of copyright, domain name, trade name, service mark or slogan on a website.
- Potential coverage for employee privacy liability as well as network security and privacy liability.
Risks of Data Breaches Are Real
Many small business owners may not think they need this type of insurance, but the reality is that they are the most vulnerable to security threats. Small businesses handle sensitive customer credit or bank account information daily, and many are also responsible for protecting customers’ medical information, Social Security numbers, driver’s license numbers, etc.
Don’t forget about the sensitive personal information of your employees stored on your company’s computer network. One careless mistake by an employee, an errant document that went unshredded, a break-in by a skilled hacker, a stolen laptop and a myriad of other scenarios may expose your company to a data breach and ensuing financial loss.
Protect Your Business
Another benefit of cyber insurance (and many kinds of insurance for that matter) is this: After a data breach, for example, the insurance allows you to focus on damage control and customer relations, working in concert with the services provided by the insurance company via the policy.
Without the insurance you are immediately going to be focused on mustering those needed services yourself, distracting you even more from your core business duties. Decisive and swift action to mitigate damages is very important in the case of security and data breaches, and a cyber liability policy tailored to your needs will deliver those objectives.
This is actually the easy part for a small business. Insurance companies have streamlined the application process to the point where they can produce a “non-bindable” indication of premium after they receive answers to a handful of easy questions. This means that the insurer will give you an indication of premium cost and commensurate coverage. You then have a pretty good benchmark on premium cost and can perform a risk transfer analysis without a lot of work. You can then proceed to answer a few more questions and get a firm, bindable quote.
However, don’t think without basic protections in place, such as a firewall, confirmation of a virus protection program and a responsible inside or outside professional identified as your IT manager, you’ll get a quote. Applying for this insurance is like applying for automobile insurance. If you can show a good driving record you’ll probably get several companies clamoring for your business. Similarly, with cyber liability, the more controls and systems you have in place, the more quotes you will attract.
How to Shop for Coverage
Cyber liability coverage can be procured a few different ways. Many carriers offering insurance coverage to a small business in a “package” policy will offer cyber liability as an add-on option. These carriers are often represented by an agent, who may represent just a handful or even a single carrier, which limits choice and reduces competition for your business. The market for this insurance is quite competitive now, and the depth of coverage is generally expanding as insurers respond to emerging coverage needs and monitor the profitability of this line of insurance. Nevertheless, you want several insurers to compete for your cyber liability insurance.
For the industry that we serve—dietary supplement and nutraceutical retailers, contract manufacturers and raw material suppliers—we recommend using an independent broker, who can not only access many more insurance carriers than a typical insurance agent, but will also spend the time with you designing what cyber liability coverage you may or may not need. The coverage menu is extensive and a competent independent broker can assist you in getting the proper coverage for your company.