As I speak with small to medium size business(SMB) owners about cyber breach, I’ve discovered there’s some misunderstanding about their risk and how their current insurance program will respond to this type of loss. Often they believe that their general liability policy will protect them or that they’ve got coverage under their media liability or directors and officers liability policies. They are potentially both wrong and right. There may be some insurance protection available under other policies, but there are frequently significant gaps in coverage that could leave an SMB at risk of financial and reputational damage.
At a minimum, general liability, media liability and directors and officers liability insurance won’t address your 1st party exposures such as notification costs or forensic investigation fees when a breach occurs. According to the Ponemon Institute, data breach incidents cost U.S. companies $214 per compromised customer record—and without 1st party coverage (1st party exposures make up a very sizeable portion of the $214 per record), the brunt of a breach will fall squarely on the business. Some general liability policies may not cover 3rd party liability altogether. For example, the property damage component under a general liability policy requires damage to “tangible” property as opposed to “intangible” property such as data. SMBs that purchase a media liability insurance policy with cyber liability coverage may not realize that in some cases the cyber liability policy may share a single limit of liability with the media liability policy—this could create a financial hardship for the SMB if it is faced with multiple losses which could quickly eat up this single shared limit.
Cyber gaps can be a costly exposure for a business. If you’re not sure about your cyber liability coverage, talk to your agent or broker to make sure you don’t have any gaps.
Ken Goldstein is a vice president for Chubb Specialty Insurance.