As you put together a risk management plan for your IT or technology business, you’ll no doubt find that Cyber Risk Insurance (also known as Cyber Liability Insurance and Data Breach Insurance) is an essential component. And while many types of businesses benefit from the protections Cyber Risk policies provide in the Information Age, IT companies tend to have greater risk exposures than those that don’t work as closely with customer data.
Insurance companies understand this and have developed two separate types of Cyber Risk Insurance to meet the needs of both IT and non-IT companies. Here’s an overview of what each type offers.
What Is First-Party Cyber Risk Insurance?
First-party coverage is the kind of Cyber Liability coverage that non-IT firms most often need; for most of them, it is likely adequate to cover the risks they face. When a business experiences a data breach or similar event, it files a claim on its first-party Cyber Risk Insurance policy. The benefits it could collect from this policy typically include funds for…
- Notifying clients that their information was compromised or exposed.
- Purchasing credit monitoring services for customers affected by the breach or hacking incident.
- Launching a public relations campaign to restore the reputation of the company affected by the breach.
- Compensating the business for income that it isn’t able to earn while it deals with the fallout of the data breach (i.e., Business Interruption Insurance).
- Paying a cyber extortionist who holds data hostage or threatens an attack.
Any company that stores customer data (in the form of email lists, credit card records, or other files) could be victimized by a data breach and benefit from first-party Cyber Risk Insurance coverage.
Some IT firms may want to purchase this coverage, but more likely, their greater exposures will be through third-party incidents.
What Is Third-Party Cyber Risk Insurance?
Third-party Cyber Risk Insurance covers the people and businesses “responsible” for the systems that allowed a data breach to occur. (Take a closer look at data privacy issues in "When Data Is Compromised, Who Is Responsible?")
Think of it this way: if your home flooded, you’d need flood insurance to pay for the damage to your property. That’s akin to first-party Cyber Liability Insurance. But say you’re the architect who designed the home or the contractor who built it. In the event of a flood, you could be sued for doing work that enabled flood waters to get in. You’d need the equivalent of third-party flood insurance to pay the damages.
Digital work functions in the same way. Third-party Cyber Risk Insurance offers protection for the tech and IT companies and independent contractors who were responsible for the safe storage of data (e.g., those who manage a network that was breached or hit by a phishing or pharming attack).
Events that might trigger a company to file a claim with its third-party Cyber Risk Insurance policy include…
- Failure to anticipate or prevent the transmission of a virus to a third party. In other words, a security gap in your software let a virus onto your client’s machine and it spread to all your client’s email contacts. (For tips on mitigating your cyber risk, see the article "10 Things You Can Do to Protect Your Tech Business against Cyber Attacks.")
- The misuse, disclosure, or theft of confidential information stored on a network. This is your classic data breach: one or more of the systems you set up allowed a hacker to access and/or expose your clients’ customers’ information.
- Infringement of the right to privacy. This could involve an event in which a system you built failed to keep confidential information properly secure.
Who Needs Third-Party Cyber Risk Insurance?
Whether you’re a freelance programmer or the head of a steadily growing IT firm, it’s a good idea to consider purchasing third-party Cyber Risk Insurance, as well as Errors & Omissions Insurance. Why? Because in the lawsuit-happy world we live in, no business is too small to be named in a suit.
If and when a major company experiences a data breach, its lawyers will likely name in a suit every single person who worked on the system or systems that allowed or failed to prevent the breach. That means that, even if you only worked as a freelancer on a small part of a project for a company you never had direct contact with, you could find yourself slapped with an expensive lawsuit. With third-party Cyber Risk Insurance, you’ve got a much better chance at keeping your finances intact and your business afloat.
Written by Brenna Lemieux - check her out at Google+ or Twitter