Asset protection is a major consideration for any business. As you well know, assets come in both the tangible and intangible variety. And when you talk intangibles, the first thing that usually comes to mind is data.
The majority of companies doing business today rely upon the Internet. While it has opened up global-sized opportunities, it has also exposed businesses to proportionate risk. Understanding what the risks are and managing them is crucial to a company’s survival.
Depending upon your exposure, your standard property and commercial general liability insurance may not adequately cover the risks of an external cyber attack or network security failure due to natural causes. If your business is heavily dependent upon Internet usage or if your company performs the majority of its basic functions electronically, you may want to consider specialized cyber-risk coverage as a stand-alone policy. Each policy is geared to specific company requirements, including the technology being used and the level of risk involved; and both first- and third-party coverages are available.
Typical aspects of coverage include:
- Loss/Corruption of Data – This coverage deals with damages to or destruction of vital information resulting from viruses or malicious code.
- Business Interruption – If a company’s network is attacked and that attack limits its capability to conduct business, the loss of income is covered. Coverage also includes extra expenses, forensic expenses and business interruption losses.
- Liability – This coverage includes legal defense costs, settlements, judgments and, in certain circumstances, punitive damages that a company may suffer as a result of breach of privacy due to theft of data; transmission of a computer virus which causes financial loss to third parties; a breakdown of security which results in network systems being unavailable to third parties; providing IT professional services; and allegations of copyright or trademark infringement, libel, slander or defamation in the company’s Web site.
- Cyber Extortion – This covers the resolution of an extortion threat against a company’s network, and the cost of hiring a security firm to track down and negotiate with blackmailers.
- Public Relations – This covers those costs associated with restoring public confidence in the company after a cyber attack.
- Cyber Terrorism – This coverage includes terrorist acts covered by the Terrorism Risk Insurance Act of 2002 (TRIA) and, in some instances, it may cover terrorist acts beyond those stated in TRIA.
- Identity Theft – This provides access to an identity theft call center to report stolen customer or employee personal information.
The cost for coverage varies with the type of coverage required. A company can purchase a policy that covers a limited number of threats to its system’s integrity for a few hundred dollars, or it can spend thousands of dollars on a policy that covers the gamut of high-tech dangers. It is generally believed that cyber insurance policies will become less expensive as they become more widely needed.