Avoiding catastrophic business loss through cyber liability insurance


Hardly a week goes by that the national media does not report on another Internet data security breach, denial-of-service attack or other cyber loss affecting Fortune 500 clients and their thousands (or hundreds of thousands) of customers. The costs of simply investigating and responding to these losses -- not to mention the resulting lawsuits and regulatory fines -- can be staggering. For instance, the Ponemon Institute estimates that response costs can be as high as $200 per compromised record. It is not difficult to understand how total costs for a wide breach can quickly escalate well into the millions of dollars.

Enter the insurance industry. Historically, in the face of a third-party claim, one would turn to general liability or other policies. Yet coverage under general liability policies is typically limited to "property damage," which may include physical damage to servers, for example, but probably not loss of the data itself. And while crime, fidelity or errors and omissions policies may provide some coverage, again they would typically exclude the lion's share of the expense of a cyber loss. The response has been a line of policies -- known as cyber liability (or data/privacy liability) policies -- specifically tailored to cyber risks.