Data is the new oil.
A record-breaking number of data breaches left 4.5 billion records compromised last year (2018) and there are no signs of these incidents slowing down. With an increasing awareness of data privacy and security, it is an opportune time for companies to revisit their policies.
Most companies providing professional services may already have some form of Professional Liability or an Errors and Omissions Coverage but given the massive number of cyber attacks, is it enough?
The short answer is no.
Professional Liability covers the legal aspects of a data breach. It is primarily designed to protect a company from legal accusations of incompetence, professional errors, preventable mistakes and negligence that may have contributed to the data breach. In effect, the policy only covers the legal costs that inevitably crop up with a lawsuit. This would include settlements, attorney’s fees and court judgments.
Professional liability coverage doesn’t even begin to cover the entirety of a data breach. That is why Cyber Liability coverage is preferred by companies. In essence, a Professional Liability policy is mainly third-party coverage.
So, what is Cyber Liability?
Cyber Liability takes a rather comprehensive approach in a situation where data is lost or stolen. As a general rule, policies include first-party as well as third-party coverages.
- First-party coverages entail the losses that a company incurs.
- Third-party coverages cover claims made by people outside a firm who have been affected as a result of the data breach.
First Party Coverages
- Loss/Damage to Data: Electronic Data belonging to the company or its clients that gets damaged, corrupted or stolen is covered by this. For it to be considered a loss, it should be a consequence of a hacker’s attack, a denial of service attack or a virus. Under this policy, the cost to hire external experts/consultants to fix the damage is also usually covered.
- Loss of Income/Excess Expenditure: If a company shut down is imminent due to the data breach, this policy helps to avoid or minimize the expenses incurred.
- Cyber Extortion: All too often, a hacker tries to extort money from a business after hacking into the system and makes threats either to leak data or corrupt the data. Extortion coverage would cover either the sum you pay the extortionist and/or the expenses you incur when you respond to their demand.
- Cost of Notifying Concerned Parties: The cost of notifying all parties that may have been affected by the data breach may also be covered by the Cyber Liability coverage. This would include the cost of hiring a lawyer who determines the level of obligation the firm is under as per the laws and regulations of the government. Some policies also go as far as covering the cost of setting up a call center or providing credit monitoring services for the affected parties.
- Tarnished Reputation: Data breaches often damage a firm’s reputation which may require a full-fledged PR and marketing campaigns to bounce back after an incident. Some policies cover the cost of hiring a PR agency as well.
Third-Party Coverages
- Network Security: This covers all the expenses incurred as a result of a lawsuit due to the data breach or affected parties unable to access their data on your system.
- Network Privacy: Lawsuits based on allegations of negligence or failure to protect sensitive data are covered under this liability coverage.
- Electronic Media: If data is leaked online, a company may get sued on the grounds of alleged defamation, copyright infringement or even privacy invasion. This liability coverage covers the expenses of such a lawsuit.
Cyber Liability covers all aspects of a data breach whereas Professional Liability coverages do not. Some cyber insurers go so far as to tailor policies specific to an industry and throw in other coverages as well.