There are two different kinds of cyber-related risks (aka liabilities) that threaten small businesses – first-party and third-party – and different small business insurance policies cover each one.
- First-party cyber liability refers to risks that threaten data on your network. A data breach that exposes all the credit card records of a fast food restaurant is an example of a first-party cyber risk event.
- Third-party cyber liability refers to risks that threaten data on your clients’ networks. The software developer who built the credit card storage software that was breached in the above example might have third-party liability for that breach.
Most of the cyber risks IT professionals face involve third-party liability. While your own computers might be hacked, your third-party liability is probably much greater. You work with many clients and can be liable for all of their networks. In essence, your third-party liability increases substantially with every new client you sign.
Why Do Two Insurance Policies Cover Cyber Risk?
This is where things can get confusing. There are actually two different policies that cover data security risks. A data breach can be covered by…
- Cyber Liability Insurance. This insurance policy only covers the costs associated with first-party cyber liability incidents, and is less important for IT firms. This policy is only relevant for an IT business that stores a lot of customer data on its own network.
- Errors and Omissions Insurance. To cover third-party liability (which you’re exposed to via data breaches on client computers), you need to purchase Errors and Omissions (E&O) Insurance, also called Professional Liability Insurance. Only E&O Insurance pays for lawsuits over IT flubs that cause data leaks on client networks.
As we saw above, third-party cyber liability insurance is the kind of data breach insurance most IT professionals need. This means you'll need to purchase E&O coverage to protect your tech company from data breach lawsuits.
Which IT Companies Need First-Party Cyber Liability Insurance?
The first-party protection offered by Cyber Liability Insurance (sometimes called Data Breach or Cyber Risk Insurance) pays for the cost of a company’s response to a data breach on its network, including…
- Credit monitoring of customers who were affected, to prevent identity theft.
- Customer notification of the data breach.
- Additional temporary personnel to help notify customers of a breach and handle other data-breach-related tasks.
- Forensic investigations to discover the cause of the breach.
- New advertising and P.R. campaigns.
While most tech companies don't need first-party coverage, firms that manage a lot of client data on their own networks might want it. For instance, an Application Service Provider (or SaaS company) might purchase first-party coverage if they wanted added coverage to shield themselves from the expense of a data breach response.
E&O Insurance: Third-Party Cyber Liability Coverage for IT Firms
E&O Insurance (also called Professional Liability Insurance) covers a tech firm's third-party liability exposures, paying for lawsuits from clients whose networks have been broken into.
Remember all those costs we just listed above? A data breach is expensive. When a client is faced with a breach, they'll have to shell out money for notification, credit monitoring, and other services to rebuild their reputation and limit the damage of the breach.
After paying for these costs, these clients will look to recoup the expenses, which they can do by suing any party who can be held responsible for the breach – e.g., their IT consultant. Clients might seek other damages, claiming the data breach harmed their reputation and diminished their profits. E&O Insurance can pay for these lawsuits.
In addition, E&O Insurance covers your professional liabilities, which include more than just data security. If you fail to deliver a project on time or a customer is dissatisfied with your work, E&O Insurance can also cover your legal expenses.
Because of the variety of coverage E&O policies provide, E&O Insurance is one of the first small business insurance policies many tech firms purchase. If you'd like to look at a sample insurance quote, check out our E&O Insurance estimates.