What is commercial cyber liability?

In today's world, there's no threat quite like a cyberattack. Bad actors can infiltrate personal or business systems through the internet. They're stealthier than cat burglars and far more dangerous. Plus, they attack at a frightening frequency — about once every 1.2 seconds.

Of course, it's not just business owners at risk when it comes to cybercrime. Hackers can easily compromise millions of victims in one breach, including your employees and customers.

As a business owner, you know what's bad for your team and clients is bad for business. From service interruption, ransom payments or reputation damage, the financial consequences of a data breach can be devastating.

In fact, according to research by IBM, the average cost of a breach is $4.35 million, and nearly twice that if you're dealing with an insider threat. Additionally, the threat is greater for businesses located within the United States with the average cost $9.44 million.

So how do you protect yourself, your business, and your customers against data breaches and other forms of cybercrime?

Unfortunately, there's not an easy answer. Cyber threats are a complex, ever-evolving business challenge.

Many businesses protect against the financial risks associated from cyberattacks and data breaches with commercial cyber liability insurance.

What does commercial cyber liability insurance cover?

Commercial cyber liability is coverage that helps businesses survive data breaches and cyberattacks by helping pay for recovery and other associated costs. For example:

Your business becomes the target of cyber extortion.

Hackers use ransomware to hold your systems “hostage” and inaccessible until their demands are met. Cyber liability insurance can help you pay the ransom costs and regain control of your systems.

Cybercriminals infect your system with malware that damages software and data.

Cyber business insurance may help cover the costs of repairing software or hardware and restoring your data, as well as upgrading your security to prevent future losses.

A data breach exposes your customers' private information.

You have to hire data breach response services, notify all affected parties and offer complimentary credit monitoring services. However, several customers still sue your company for negligence. Now you have legal fees to deal with. Plus, you'll probably need to hire a public relations firm to help you avoid reputation damage. Data breach lawsuit insurance, also known as commercial cyber liability coverage, can help.

As you can see, the cost of a cyberattack can jump from expensive to financially devastating quickly, especially for a small business.

Commercial cyber liability coverage won't help you avoid an attack, but it can help you recover. It can help ensure that if your business becomes a target, your finances don't suffer a fatal blow. Along with a strong cybersecurity strategy, cyber business insurance can help you develop a well-rounded approach to these dangerous threats and their ripple effects.

What businesses need data breach insurance?

Some industries seem to be obvious targets for cybercrime: financial institutions, governments, health care organizations and more. It's easy to assume hackers would only target these types of large enterprises. After all, they usually have piles of confidential data — and cash.

But businesses of any shape or size can become a target. According to a report from Mimecast, in 2020, 61% of companies were victims of a ransomware attack. What's even worse: The average downtime was six days. Anyone, from solo entrepreneurs to large corporations, can become a victim.

Consider some of the factors that might make your business data appealing to a cybercriminal:

• Does your business accept any form of digital payment or credit cards? Hackers can use this data to access your customers' bank or credit accounts.
• Do you collect customers' personally identifiable information (PII)? Information like full name, addresses, Social Security number, bank account numbers and more are all likely targets. If it's personally identifiable, it could be useful to a cybercriminal.
• Do you store financial or medical data? Even if you're not strictly a financial or medical service provider, simply having access to that data can make you a target.
• Do you operate your business using computers, mobile devices, or other online electronics, tools or applications? If any part of your business lives online, you could fall victim to some kind of cyberattack.

Odds are, at least one of these items applies to your business. That means your organization may benefit from the security of commercial cyber liability insurance.

What if I already have general liability insurance?

General liability is one of the most common types of small business coverage, in part because it's a requirement for most commercial leases. These policies can help pay for business risks like bodily injury or property damage. But does a general liability policy cover hacking or data breaches?

Unfortunately, most insurers exclude cyber liability from general liability policies. You may be able to add an endorsement, but it may not provide the same coverage level as a standalone cyber policy.

What kind of cyber coverage does my business need?

There are two types of coverage to consider:

• First-party coverage. This can help pay for damages when your company's network or systems are attacked and helps you respond to cyberattacks and data breaches.
• Third-party coverage. This may help cover legal costs when another company is attacked and your business is blamed. It may also help if a data breach on a client or vendor's network affects your systems or data.

Case study: Take it from a real cybercrime ‘target.'

In November 2013, retail giant Target revealed that 70 million customers' personal data was exposed and hackers stole credit and debit card information for about 40 million customers.

Believe it or not, it wasn't a brute-force attack or an employee who fell for phishing. The perpetrator gained access through one of Target's third-party vendors, a contracted HVAC company.

Companies often supply their vendors with credentials to their network. Hackers may be able to steal those credentials and work through the organizations' network to deploy malware and access the information they want. The result can be a blend of financial and reputational messes that may be challenging for the organization to clean up.

Here's how cyber liability coverage might come in handy for businesses in similar circumstances:

• First-party coverage can help an organization respond effectively to the incident and repair system damage caused by the malware.
• What if the vendor had been found legally responsible for Target's cyber losses? In that case, third-party coverage could help cover their legal fees.
• On the other side of the situation, business customers of an affected organization could benefit from cyber liability coverage if their business data, like credit card numbers, were stolen in the breach.

As you can see, there are a variety of situations that could put your business at risk of cybercrime, even if your business isn't the primary target of the attack.