In an age where a stolen laptop or hacked network can instantly compromise the personal data of all your clients, protecting your firm from cyber liability is just as important as protecting yourself from some of the more traditional exposures. Cyberrisks and data breaches are most likely not covered under your legal professional liability or general liability policies.
Use the yellow hot spots and explore how cyber liability insurance can help protect against common risks.
The Internet has spun a whole new web of liability exposures. E-commerce, social networking, cloud storage, and other technologies bring great benefits to large and small businesses alike. But with these benefits also come challenges, including protection of privacy, data, and financial information of your customers. If this information is lost, stolen, or compromised, your company is at risk. In fact, you may even be required by law to alert those impacted by the breach and to pay for any financial loss incurred.
Cyber liability coverage offers protection due to unauthorized access of electronic data or software within your network. It also provides coverage for spreading a virus, computer theft, extortion, or any unintentional act, mistake, error, or omission made by an employee. This coverage is quickly becoming more and more important as you embrace technology to help run your business.
If your company is faced with a data breach or cyber-attack, you may be forced to cover breach-related expenses such as crisis management, hiring a public relations firm to manage a data breach incident, costs associated with forensic analysis, the cost of repairing and restoring computer systems if there is a virus that destroys business software and data, and the loss of business income resulting from a data breach.
First-party coverage will insure your business for losses to your own data or lost income or for other harm to your business resulting from a data breach or cyber-attack. This coverage will pay you for things like business interruption, the cost of notifying customers of a breach, and even the expense of hiring a public relations firm to repair any damage done to your image as a result of a cyber-attack. Having this funding available in the event of a crippling hack can keep the lights on till you’re able to resume your normal business operations.
What would you do if an email virus impacted the operation of your database and prevented you from serving clients for a day or more? Or what if a hacker or cyber-criminal caused a system outage or extended downtime, leaving your business inoperable? These and other events can destroy your ability to serve clients and bring in revenue, which can have a major long-term impact on the viability of your business.
Business interruption insurance compensates you for lost income if your company cannot operate as normal due to disaster-related damage that is covered under your commercial property insurance policy, such as data breach or cyber-attack. Business income insurance covers the revenue you would have earned, based on your financial records, had the disaster not occurred. The policy also covers operating expenses, like electricity, that continue even though business activities have come to a temporary halt.
If your business handles sensitive customer data (such as email lists, credit card records or other files), data breaches pose a serious threat to your financial stability. A lawsuit resulting from a data breach means your business is responsible for paying legal fees, court-ordered judgments or settlements and other court-related costs.
Third-party coverage protects you in the event of a lawsuit brought by a customer or partner for a data breach that your business' actions or negligence allowed.
If your business experiences a data breach or violation of confidential information during regular business operations, you may be found in violation of privacy laws and be required to pay fines for the violations or other regulatory issues.
You may be eligible for regulatory claim coverage which would offer protection in response to proceedings related to disclosure laws and other governmental actions that can result in defense costs, fines and/or penalties. Coverage does vary and may be restricted by local law.
If hackers gain control of critical systems, they may demand a ransom be paid to avoid additional consequences. Sometimes these can be empty threats, but it’s impossible to know for sure. Paying the ransom can be costly. Taking a chance by choosing not to pay can sometimes put a company out of business.
Coverage for ransom and cyber extortion can be included in cyber liability policies and can help cover the cost of ransom to regain control of network systems. This is often not included in a standard policy, may include a separate sublimit and deductible, and may require adherence to certain conditions set forth by the insurer.
Cyber liability insurance is specifically designed to address the risks that come with using modern technology. The level of coverage your law firm needs is based on your individual operations and can vary depending on your range of exposure.
If your law firm experiences a data breach, you have a responsibility, and are sometimes legally obligated, to report the breach to your clients. This can damage both your finances and your relationships with your clients. Cyber liability coverage may cover the costs of notifying the people or institutions affected as well as any lost income resulting from the data breach.
What Your Cyber Policy Should Cover
- First party coverage: Covers your own data or lost income after a data breach.
- Third party coverage: Covers your liability to clients or government/regulatory entities.
- Confidential information: Covers data when it is under the care, protection or control of third parties (the copy center you use, IT support services, etc.).
- Unencrypted devices: Protects laptops and other devices from easy access if they are stolen.
- Data restoration: Covers the work hours and money needed to regain your lost data.
- Coverage for corporate clients: Covers liabilities for your clients that are companies, corporations, or partnerships, as well as the people who work for these entities.