Making Sense of Cyber Liability Insurance

Most people who own or run a business are aware of the many digital risks threatening their companies with increasing frequency. As new mainstream companies announce data breaches seemingly weekly, business owners are educating themselves on ways to avoid falling victim to cybercrime. But what happens when a company’s cyber defenses fail? That’s where insurance comes into play; specifically, cyber liability, or data breach, insurance.

Third-Party Protection

Let’s start with an overview of what cyber liability insurance is. Generally, cyber insurance provides protection when a company experiences a loss or data breach of sensitive or private information. This includes things like email addresses, personally identifying customer information, corporate confidential information, credit card numbers, or health records. Notably, most cyber liability policies only respond by covering third-party damages or damages affecting someone who is not the policyholder. Some examples of what would be covered are:

  • Costs to defend and settle a lawsuit if the policyholder is sued by the victim or victims of a data breach.
  • Costs credit card companies incur to reissue lost or stolen credit cards as a result of a data breach.

First-Party Protection

For some companies, a policy that protects against third-party damages might be enough. However, for most companies, third-party damages only account for a portion of the costs incurred with much more damage being considered first-party. Crucially, first-party damages are not covered by most cyber liability insurance policies. Where third-party damages are damages experienced by a person or entity that is not the policyholder, first-party damages are damages experienced by the policyholder themselves. Examples of first-party damages that would likely not be covered by a basic cyber policy include:

  • Revenue a company loses as a result of a data breach or hack.
  • Reputational damage incurred because of a cyber incident.
  • The cost of performing a forensic investigation to determine the extent of a breach.
  • The costs of notifying affected parties that they are victims of a breach.
  • The cost of providing identity theft protection to individual victims.
  • Fines handed down by the payment card industry in cases where credit card information is lost or stolen.
  • The costs of upgrading systems and hardware to resume credit card processing after credit card information has been stolen.
  • Paying a ransom to release hijacked systems or data.
  • Money lost as a result of unauthorized bank transfers or illicit payroll runs.
  • Whaling, or cases where a company representative is tricked or coerced into sending or moving money.

As evidenced above, there are many costly first-party damage scenarios where a standard cyber liability insurance policy will not provide protection. So, how do companies make sure they’re truly protected if their current cyber defenses aren’t enough to prevent an incident? The most robust and complete cyber insurance strategies include cyber liability insurance that specifically provides protection for both first and third-party damages and that integrates closely with more traditional insurance lines like a crime policy a property policy.

bookmark_border Free Resource



We are working hard to bring cyber products to market that provide well-rounded protection. Our instant-issue cyber liability policy, for example, provides $100,000 in protection against first-party damages as well as many third-party damages offering a fast and economical way to get protection in place. For larger companies where $100,000 isn’t enough, we have more robust customizable cyber liability policies accessible through our proposal generator that we place along with crime and property policies that specifically respond to the threats the customer is most likely to face. Without properly understanding, acknowledging, and communicating the threats their company faces to their insurance broker, business owners will likely have critical gaps in their coverage.

Obviously, we hope that anyone reading this never needs the insurance products we sell and we strongly believe that the most cyber defense strategies can have a significant impact towards reducing the likelihood of ever having a cyber insurance claim. However, today’s business owners must be vigilant in responding to the cyber threats they face and proper cyber liability insurance is an important component of that response.