Skip to main content

«  View All Posts


Feeling a Bit Naked Talking About Cyber Liability?

May 11th, 2016 | 3 min. read

By Jonathan Waterman

Ever been that insurance agent who had to discuss cyber liability with a client while having very little idea of what a cyber liability policy is or does?  No wonder you felt like the naked one in the room!

I get it.  I’ve been that guy, too. It’s a very uncomfortable feeling, and not just because of the chill.

It’s not always clear what a cyber liability policy covers, so it can be tough to understand.  Every carrier seems to use different language to explain and define how their policy will respond to a variety of technology-related exposures.  Below, I’ll try to demystify some of this while pointing out the main coverage sections that most cyber liability policies should cover, especially if you’re selling a cyber policy to a medical business.

Hold on to your shirt … here we go:

First, let’s talk about what cyber isn’t.  There are two other types of coverage that are sometimes found or packaged with certain cyber policies:

  1. Technology Errors & Omissions (E&O). This is a type of E&O coverage designed to cover businesses that deliver technology-as-a-service, also known as TAAS. This type of coverage protects such businesses from lawsuits directly related to the delivery of their service to others.
  1. Billing E&O. This is a type of coverage that is designed to protect the insured from billing mistakes or allegations of fraud or abuse related to the insured’s billing practices. This is a common area of concern for medical businesses in particular.

Although the above two coverage areas may be important to some businesses, they don’t make up the heart of the average cyber liability policy. So what does?

These are the main coverages that are found in most cyber liability policies today:

  • Network Security and Privacy Liability. This covers a business’s liability in the event that they suffer a loss of private customer data or records (think patients, if you’re a medical business) due to some form of breach of their computer network.
  • Regulatory Defense & Penalties. Most states have created laws that require businesses that suffer a loss of private customer data to respond within certain time limits and to notify their customers.  So, this coverage protects a business from regulatory inquiries and penalties that result from those laws.
  • Breach Management Costs. This covers a business’s efforts to notify their customers of a breach, which is one of the most common areas of expense involved in a cyber liability claim. It also provides state-required credit monitoring services for at least a year after the breach/loss. Other costs to directly manage the breach may also be covered here.
  • Crisis Management and Public Relations Costs. This covers the public relations and media costs associated with responding to an adverse cyber liability event.  An affected business may need help controlling the messaging related to a breach in their system. A good carrier providing this coverage will have experts on hand to immediately help their insured deal with the difficulty of relating a breach to customers and community and reassuring them that corrective measures are being taken.
  • Cyber Extortion and Other Crime. Some hackers breach business networks to extract private data and then use it to extort the business for gain.  Unfortunately, this type of crime is on the rise so this type of coverage is increasingly important.
  • System Damage and Business Interruption. Some policies will also insure a business’s physical equipment and reimburse for lost revenues due to an interruption in the daily operations of the business resulting from a breach event.

That wasn’t so bad, was it?  Keep in mind, understanding these main parts of cyber liability will only give you a good start.  Each cyber policy tends to look and read a bit differently than the next and could include additional coverages that may also be important for the insured.  So make sure you review each cyber quote you receive before passing it along to your insured.

If you need a wholesale partner to help you attain and understand cyber liability options for your medical clients, feel free to contact me. Because it’s always more comfortable when people – and the companies they represent – are covered up!

Ethos Insights

  1. Don’t assume cyber liability is too complex or nuanced to understand. Better to ask questions now and find the right coverage for your clients than to wait until after they’ve been exposed.
  2. Costs associated with cyber breaches extend well past the technology that’s been compromised. Policies designed to protect against these losses anticipate multiple categories of potential expenses – many of which can be serious enough to threaten business viability.
  3. Cyber liability coverage has evolved quite a bit in the last 5 years. There still may be some further evolution of this coverage area as insurance companies continue to strive to write policies that cover what businesses need.

Jonathan Waterman

Jonathan, the Co-Founder and Chief Operating Officer of Ethos since its inception in 2004, has had a distinguished insurance career dating back to 1992. Beginning as an underwriter specializing in medical liability insurance for PHICO Group, he progressed to roles with Frontier Insurance Group and National Specialty Underwriters, Inc., before co-founding Ethos in 2004. Jonathan's background as a med-mal underwriter and in the wholesale market uniquely positions him to drive operational excellence at Ethos, utilizing his expertise in identifying data patterns. He has contributed to industry dialogue through his blog articles and participation as a panelist at events such as PLUS. Beyond his professional pursuits, Jonathan finds joy in family, a wide range of hobbies including music and sports.