On April 20, 2011, attackers exploited an opening in the Sony PlayStation Network's password-reset system and gained access to the company's customer database.
Sony later disclosed that the breach exposed names, mailing and email addresses, birthdates and other personal data for tens of millions of subscribers, and that credit card information may also have been compromised.
High-profile networks with millions of users are obvious targets, but small businesses that transact online face the same risks and can suffer similar consequences from intrusions.
When consumers or businesses give credit card numbers and other personal information to an organization, they expect that information to remain confidential; affected customers may hold the organization responsible if their data is misused.
Over time, criminals have also stolen large batches of payment card data and used it to commit widespread fraud. In one case, an individual stole hundreds of thousands of credit card numbers and generated thousands of fraudulent transactions and millions in charges.
Other incidents include insiders or contractors who disable defenses, install malicious software, or access protected records, and attempts to hack ATMs or payment systems for direct financial gain.
What a Cyber Liability Policy May Cover
- Damages to third parties caused by a network security breach
- Loss resulting from administrative or operational mistakes made by the business's own employees or by outside vendors
- Expenses resulting from a breach of consumer protection laws, such as HIPAA or the Fair Credit Reporting Act
- Costs of notifying customers of a breach
- Public relations expenses necessary to repair the business's reputation
Many insurers offer cyber liability policies, and a broker who does not have direct access to a carrier might obtain coverage through a specialty broker; see Cybersecurity and Insurance.
To prevent or reduce losses and to make themselves more attractive to insurers, businesses should implement strong network security, continually monitor systems, and update them as needed.
Develop a written incident response plan that names who is responsible for each task, describes how customers and authorities will be notified, and includes a public relations strategy to manage communications and protect the organization’s reputation; learn more about coverage options such as Cyber Liability Insurance.
The potential costs of a breach can exceed what most organizations can fund on their own, so buying cyber liability insurance is a way to manage that financial exposure and to access expert resources after an incident.
If you want personalized guidance or to review options, consider talking to an agent.
Frequently Asked Questions
What types of businesses need cyber liability insurance?
Any business that collects, stores, transmits or processes personal or payment information should consider cyber liability coverage.
Will cyber insurance pay for customer notification and credit monitoring?
Many policies include coverage for notification costs and credit monitoring, but terms and limits vary by policy.
Does having cyber insurance replace the need for good security practices?
No; insurers expect businesses to maintain reasonable security controls and an incident response plan to qualify for coverage and to limit losses.
How quickly should I act after discovering a breach?
Begin incident response immediately, notify your insurer as required by the policy, and follow your plan to contain the breach and communicate with affected parties.