Does your company need cyber liability insurance?


For small businesses that work in the creative industries, spanning art, architecture, design, fashion, photography, film, and more, it’s easy to overlook something as mundane as cyber liability insurance. But with the majority of business conducted online, via email, and in the “cloud” these days, there’s a high likelihood that your company does need it.

There are two simple questions that you can ask yourself:

  • Does your business collect sensitive information online from clients or customers, such as credit card numbers and addresses from your online store?

  • Does your business store sensitive information such as employee social security numbers or bank account numbers in a cloud storage service like Dropbox, or via portable laptops and devices?

If the answer to either of these is yes, then it’s likely your company needs cyber liability insurance. Remember, a security breach on your company’s sensitive information is much more than a nuisance—if certain information was obtained in a hack, such as credit card information, your company is required by law to notify all of your customers.

This year, New York is seeking to expand this law to protect a gamut of sensitive information, including email addresses and passwords, medical records, health insurance information, and more. If you collect or store any of these things in your company files, it’s smart to protect yourself and your business with insurance.

What is cyber liability insurance and what does it protect?

In general, cyber liability insurance protects against hacking and viruses, as well as any fallout if a security breach does occur. In general, standard business liability insurance does not cover against a cyber attack—those policies typically limit coverage to “tangible” items—and many times the policy will specifically exclude cyber coverage.

As reported by NerdWallet, typical cyber liability protections include:

  • Help Mitigating Risk. If you run a small business, you may not have time to adequately manage your web security. Policies may provide periodic reviews and other assistance.

  • Reimbursement for Fees and Penalties. Insurance benefits could reimburse you for additional staff you hire to recover from a cyber-attack, paperwork or filing fees, or other related costs.

  • Business Interruption Protection. The smaller your business, the more income you lose if you’re temporarily sidelined. Cyber insurance can offset losses.

  • Legal Aid. If a data breach results in legal action, your plan could help find expert counsel, as well as cover legal fees and judgments against you.

Where do I get it?

Most major insurance companies have begun to add cyber liability insurance to their offerings, so ask your insurance agent about what type of policy would be right for your business. Premiums vary not just based on the size of your business, but also on the amount of sensitive data you store.

You could, however, qualify for lower premiums if your company takes specific precautions to tighten its internal security procedures. This includes:

  • Providing strong password protection for all devices, including servers, apps, cloud services, databases, tablets, and laptops, and implementing a company policy to change passwords regularly (the beginning of the year is a good time to do so!)

  • Reviewing and establishing email and “Bring Your Own Device” (BYOD) policies with all employees

  • Conducting regular security audits—either internally or with a company that specializes in security compliance—and maintaining a written IT security policy that defines procedures for how all data is handled.

  • Implementing network protections throughout your business, including firewalls, virtual private networks, and anti-virus and anti-spam software

Navigating the world of cyber security and other business compliance issues can be complex and overwhelming. For support, talk to a financial and business advisor that can you to plan accordingly.