Cyber Insurance: Top 5 Things to Look for in a Policy

Legal Compliance Resource
June 3, 2014 — 1,693 views  

What do Target, Nordstrom’s and Ebay have in common besides retail sales? They have faced high profile data breaches resulting in the loss of consumers’ personal and, in the case of Target, financial data. Gone are the days when hacking into a business was a rare occurrence. There are now weekly reports of hackers bypassing security and gaining access to private information. 

While large companies have the ability to hire an entire staff to address these security breaches, those with smaller pockets are often left vulnerable. A new type of insurance had been gaining in popularity recently. Cyber liability insurance coverage (CILC) is a broad term that can cover the following items (

• Data breach/privacy management costs;
• Multimedia/media liability coverage for costs incurred due to website damage or intellectual property issues;
• Extortion protection; and
• Network security liability.

Many elements of a policy overlap, but these are the basics that are covered. When considering the purchase of a policy, there are five items that should be considered.

Policy Features

What does the business need? What types of data can be breached? The best way to begin is to determine what needs to be covered and why. Finding a broker with experience in cyber risks for the specific industry is important since they can identify key policy features that will benefit in the event of a breach.

Experts warn that one policy feature that should be identified before signing the policy is negotiating the right to use a personally favored vendor rather than one from the carrier’s pre-approved list ( When sensitive data, such as medical or financial records, has been breached, companies and clients want to work with familiar entities. Since CILC is still relatively new, there is room for companies to negotiate items in their policy.


Policies are less expensive than companies might imagine. Premiums can be as low as $2,000 per year. The face value of the policy can be as high as $30 million and deductibles as low as $10,000 depending on the contract ( When compared to the costs of involved in cleaning up a data breach, these amounts are negligible. 

Risk Management

Smaller companies generally do not have a risk management team. A good CILC can act as one. Since CILCs need to minimize their loss exposure, it is in their best interest to assist their customers in identifying, evaluating and mitigating gaps in security and privacy ( CILC should change the way companies approach a data breach and improve management techniques in the event one occurs.

Cloud Data and Mobile Coverage

Data is no longer confined to PCs linked to local servers. Employees have the ability to access data from laptops and other mobile devices anywhere there is Wi-Fi access. As more companies cut costs, cloud server companies are gaining in popularity. If the cloud server suffers a data breach, the company who is storing information on the server bears legal responsibility.

General Liability Does Not Apply

Companies cannot rely on their general liability policy in the event of a data breach. Liability only covers tangible property, such as PCs. They do not cover stolen data. Liability insurance does not cover the costs of notification which is required by law in 46 out of 50 States in the US (

Since hackers adapt faster than data security companies, a good CILC policy can mean the difference between staying in business and closing up shop.

Legal Compliance Resource