As has been widely reported in the news over the past several weeks, a Chinese army unit of “cyber-warriors” has apparently been executing a cyber-hacking program against many well known U.S. companies (e.g., Google, The New York Times, Twitter, Apple) as well as certain federal government agencies. Coming on the heels of President Obama’s February 12, 2013 Executive Order on “Improving Critical Infrastructure Cybersecurity” there is no doubt that “cybersecurity” is an important issue for all businesses, big and small.
In response, many companies have been considering the possibility of adding “cyber-liability” coverage to their corporate insurance program.
When thinking about cyber-insurance, here are some things to keep in mind:
- Companies frequently make the mistake of assuming that cyber-risks are covered by general liability or property coverage. That may not be the case; it depends on the policy.
- Cyber-liability coverage may be needed for two different kinds of potential losses and liabilities: “first-party losses” and “third-party losses.”
- “First-party losses” are losses that may be incurred by your business, such as lost revenue, damaged hardware or software, or replacing corrupted data.
- “Third-party losses” are claims and liabilities that your business might owe to outside entities or individuals who are damaged as a result of your business’s data breach.
- According to insurance industry experts, premiums for cybersecurity insurance can vary widely.
Dmitri Alperovitch, former Vice-President of Threat Research at computer security software company McAfee and now Chief Technology Officer at a cybersecurity start-up, stated that “every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly) with the great majority of the victims rarely discovering the intrusion or its impact.”
“In fact,” said Mr. Alperovitch, “I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.”
While cyber-insurance can’t stop a cyber-attack, the right policy can help a company respond to an incident when it occurs.