Are you adequately covered in case of a cyber security breach?

By Gloria Forbes posted 03-27-2018 13:50


Someone hacks into your system. They encrypt your data and hold it for ransom. You pay the ransom to minimize the disruption to your business. They then provide the key to unlock their hold on your data so you can resume operations.

Cyber breaches hit the news daily.  While we all focus on the privacy liabilities associated with the cyber breach, there is less focus on our own loss. We are not fully aware of the potentially uninsured costs associated with the breach. The time, resources, expense and lost opportunity costs spent can be significant. In the above scenario:

  • Do you have coverage for the ransom that was paid?
  • How quickly do they provide the information you need to resume operations?
  • Do you have coverage for the loss of income that you suffer while you are unable to access your system?
  • What about coverage for damage to the equipment itself caused by the breach?

Property insurance policies exclude damage to your property when the damage results from a cyber loss. There is also no coverage for the resulting business interruption losses that you might experience. Certainly the property policy will not cover the ransom paid.

Cyber policies are the source of protection for liability claims that arise from a privacy breach. We know that they cover the notification cost for which we might be responsible. But we don’t often think of these policies to cover our own exposures. Your cyber policy can be extended to cover damage to your property, business interruption and ransom. There are valuable services offered within cyber policies to assist you in a number of ways. Some contracts include an evaluation of your risk that is available when you bind coverage. Most carriers have crisis management services when a breach takes place. All have negotiated rates to lower notification expenses for which you may be liable.

Time is often of the essence when responding to cyber breaches. To that end, companies that implement data breach response plans prior to suffering an attack can speed their recovery from such a breach while minimizing their losses. Assigning responsibilities to employees in advance of a breach will expedite the process of contacting appropriate help and ensuring that steps do not get missed. Keeping a dedicated hard copy list of contacts in the event of a breach will also help – having all this information only accessible through your computer system will not help you respond to a breach if you are locked out of your system as a result of the breach. The amount of detail in your breach response plan can depend on the size of your organization and the resources you have available to approach these issues.

Most breaches result from either human error or failing to update software to address known vulnerabilities. Simple steps in these areas can help avoid expensive losses. Renewal is a good time to review your potential business exposures. Working with CSIA Insurance Program, you can mitigate your loss. If you would like more information or a coverage review, contact Paul Barnard at or Jeffrey Forbes at