WHY CYBER INSURANCE?
In addition to physical risks like property damage and liability, businesses also face risks that come from using technology. Cyber insurance is your safety net.
- 70% of breached businesses go out of business within six months.
- 43% of cyber attacks are aimed at small and medium businesses.
- 55% of ransomware hits businesses with fewer than 100 employees.
WHAT IS CYBER INSURANCE?
Cyber insurance helps protect businesses from the financial impacts associated with cyber threats such as data breaches, ransomware attacks, and other cyber incidents. It's about having support during a breach and the resources to prevent one.
WHAT BUSINESSES NEED CYBER INSURANCE?
Every type of organization, from global companies to mom and pop shops that use technology to do business, faces cyber risk. As technology becomes more complex and sophisticated, so do the threats that businesses face.
Most Common Industries:
- Technology Companies
- Healthcare Providers
- Financial Institutions
- Manufacturing
- Startups
- Professional Services Firms
- Retail and E-commerce
- Education
- Government and Public Sector
- Hospitality
- Media and Entertainment
- Energy and Utilities
- Telecommunications
- Non-Profit Organizations
CYBER INSURANCE READINESS CHECKLIST
PROTECT YOUR BUSINESS TODAY
Prepare for Cyber Insurance with Ease.
Simplify the process and apply for the right coverage. Gain a clear understanding of cyber insurance, its importance, and how to prepare your business.
WHY THIS CHECKLIST?
Our guide is your roadmap through policies, requirements, and implications.
Ready to secure your business? Click to download our Cyber Insurance Readiness Checklist and take the first step.
WHAT DOES CYBER INSURANCE COVER?
Cyber insurance adapts to the changing needs of the businesses it safeguards and is thus not standardized. However, it generally covers several key issues, including:
- Cyber extortion: Threats of data disclosure resulting in reputational damage, DDoS attacks disrupting systems, blackmail and extortion attempts using stolen information, threats of system manipulation or destruction, and doxing, which exposes personal information to harm or extortion, are just a few of the risks associated with cyber extortion. Policies may provide coverage for expenses incurred due to cyber extortion including ransom payments, negotiation costs, and legal assistance.
- Business interruption/loss of revenue due to a breach: A financial impact and disruption to normal business operations caused by a cybersecurity breach, resulting in a loss of revenue or interruption in business activities. Coverage may include the costs associated with investigating and responding to a data breach, notifying affected individuals, and providing credit monitoring.
- Data loss, recovery, and recreation: Data loss refers to the accidental or intentional loss, corruption, or unavailability of important data caused by a cyber incident. Recovery involves locating and restoring lost data from backups or other means, while recreation entails reconstructing data that cannot be fully recovered from existing sources. Insurance may cover the costs of recovering lost data, restoring systems, and any related business interruption expenses.
- Loss of transferred funds: Cyber insurance may cover financial losses resulting from a cyber incident that disrupts business operations, including revenue loss and extra expenses incurred to restore operations.
- Computer fraud: Computer fraud often involves social engineering techniques, where attackers manipulate individuals within an organization to gain access to sensitive information or perform fraudulent activities. This can include phishing emails, impersonation, or pretexting. Cyber insurance may offer coverage for losses resulting from social engineering attacks, such as funds transferred based on fraudulent instructions received via email or phone.
- Privacy liability: The unauthorized disclosure or misuse of personally identifiable information (PII) or protected health information (PHI), which may result in legal actions, regulatory fines, or settlements. This risk includes the potential for legal actions, regulatory fines, and reputational harm as a result of breaking privacy or data protection rules.
- Multimedia liability: The risk of legal claims and financial losses arising from the insured organization’s cybersecurity practices or breach of privacy obligations related to multimedia content, such as unauthorized use, infringement of intellectual property rights, defamation, or invasion of privacy through digital media.
Important Note: Errors and omissions insurance is not cyber insurance and cannot serve as a substitute for proper cyber insurance, even if the E&O policy has a technology error rider.
If hackers expose or steal personal information, such as Social Security numbers, driver’s license numbers (in some states), addresses, and bank account information, a cyber liability insurance policy pays for:
- Notification Costs: This expense is significant because the company bears the burden of both identifying potential victims, which requires an internal investigation, and providing notification that’s reasonably calculated to give actual notice.
- Credit Monitoring: In effect, your cyber insurance policy pays for victims’ insurance policies. Regulators usually dictate the kind of credit monitoring to provide, and it’s a safe bet they will not be satisfied with the cheapest available protection.
- Civil Damages: Most of these liability lawsuits are class actions, with hundreds of thousands of dollars in damages at a minimum, even for a very small company.
- Computer Forensics: This covers costs to hire computer forensics consultants working under the direction of your attorneys to determine whether a data breach occurred, to contain and prevent further damage, and to investigate the cause and scope of the breach.
- Reputational Damage: Data breaches can have profound PR implications for any business. A preferred policy will help you handle the potential fallout by covering the damages stemming from brand aversion due to a cyber incident for a certain amount of time after the breach. It can also help mitigate the potential cost by paying PR management experts.
First-Party Coverage vs. Third-Party Coverage
In today’s interconnected world, the risk of cyber incidents is ever-present, and organizations need to protect themselves against potential financial losses, legal liabilities, and reputational damage. Businesses have options when it comes to their cyber insurance, including first-party versus third-party coverages.
First-Party Coverage protects the insured organization itself against direct losses and expenses resulting from a cyber incident. It primarily addresses the financial impact on the policyholder’s own operations, assets, and reputation.
Third-Party Coverage is designed to protect the insured organization against claims made by external parties as a result of a cyber incident. It focuses on addressing the legal liabilities and financial consequences arising from the insured organization’s cybersecurity or privacy obligations.
Risks Covered
First-Party Coverage typically includes coverage for:
- Data breaches: unauthorized persons or groups successfully gain access to sensitive data housed in digital systems.
- Business interruption: attackers may use a variety of techniques to bring down an organization’s IT infrastructure, networks, or systems, including distributed denial-of-service (DDoS) attacks, ransomware, or other malware.
- Data recovery and system restoration: defectiveness may hinder recovery efforts. Attackers may purposefully damage data backups, interfere with restoration procedures, or even destroy backup systems.
- Cyber extortion: extortionists use ransomware, which encrypts important data and demands payment to unlock it, or they may threaten to reveal personal information or carry out harmful actions.
- Digital asset loss: the possibility of losing priceless digital assets, such as cryptocurrencies, digital currencies, intellectual property, or digital media, due to numerous circumstances.
Third-Party Coverage addresses risks related to legal claims made by third parties. It includes coverage for:
- Privacy and security risk: inadequate protection of sensitive personal data that can lead to data breaches, privacy violations, and unauthorized access, which may be followed by legal action or regulatory penalties.
- Network security liability: the dangers posed by insufficient network security measures, which can result in vulnerabilities that bad actors can use to their advantage.
- Media liability: liability arising from the insured organization’s cybersecurity practices or breach of privacy obligations.
Types of Losses Covered
First-Party Coverage primarily focuses on reimbursing the policyholder for its own financial losses and expenses incurred due to a cyber incident. This can include costs associated with:
- Incident response: the organized and coordinated action taken by businesses to manage and lessen the effects of a cybersecurity incident.
- Data recovery: the process of finding and restoring data that has been lost, compromised, or encrypted as a result of the attack.
- Business interruption: the disruption or halting of routine company activities caused by a cybersecurity incident.
- Reputational harm: the disruption or cessation of normal business operations as a result of a cybersecurity incident.
Third-Party Coverage covers legal liabilities and financial losses resulting from claims made by third parties. This can include costs related to:
- Legal defense
- Settlements
- Regulatory fines
- Damages awarded to affected individuals or entities
Policyholder Perspective
- First-Party Coverage, from the policyholder’s perspective, helps mitigate the financial impact and operational disruptions caused by a cyber incident. It assists in minimizing direct financial losses and facilitating a quicker recovery of business operations.
- Third-Party Coverage provides peace of mind to the policyholder by protecting against potential legal claims and liabilities arising from a cyber incident. It helps safeguard the insured organization’s reputation and provides financial support for legal defense and potential settlements.
Legal and Regulatory Compliance
- First-Party Coverage does not directly address the insured organization’s legal and regulatory obligations, but it can assist in meeting compliance requirements indirectly by covering the costs associated with incident response and data breach notification.
- Third-Party Coverage is more closely aligned with legal and regulatory compliance obligations. It helps protect the insured organization against liabilities arising from non-compliance with privacy regulations, data protection laws, and other applicable cybersecurity requirements.
It’s important to note that first-party and third-party cyber coverage are often complementary, and organizations may choose to have both types of coverage to ensure comprehensive protection against cyber risks.
Cyber insurance providers also have a duty to defend policyholders from related administrative actions or liability lawsuits. For instance, cyber insurance will offer privacy liability coverage. This coverage is important for most companies, particularly those storing sensitive customer and employee information on their networks. Breaches that expose such information not only compromise those affected, but may expose your business to liability lawsuits from victims of such cyber incidents. Also, it will provide coverage in cases where you’re alleged to have violated privacy laws.
Additionally, most policies provide resources that help policyholders design cost-effective and robust security and data encryption protocols. To further minimize liability risk, consider addressing BYOD (bring your own device) procedures.
What’s Not Covered?
While cyber insurance will cover things like data loss, loss of revenue, and business interruption, a cyber liability policy also carries certain exclusions. Let’s take a look at a few things that are not generally included in a cyber insurance policy.
Employment Claims
Cyber insurance policies will not cover claims of harassment, wrongful termination, or other employment-related issues. For these types of claims, you should invest in Employment Practices Liability Insurance.
Property Damage
As you might imagine, cyber liability insurance protects businesses from virtual harm and does not protect against physical property damage. If you need to insure a physical business property, you should look into a Commercial Property insurance policy.
Professional Mistakes
Cyber liability insurance shields your company from financial loss in the case of unsolicited cyber attacks. But a standard cyber liability policy will not cover you if someone within your company makes a mistake that results in a data breach or cyber attack.
This is where Technology Errors and Omissions insurance comes into play. Tech E&O policies fill this coverage gap, which ensures your business is protected from any and all cyber attacks.
Theft of Intellectual Property
If you fear losses due to theft of your intellectual property, you’ll have to look towards a specifically tailored intellectual property insurance policy. Additionally, allegations that the policyholder’s patents infringe upon those of a third party will also not be afforded coverage.
Improvements to Cyber Security Systems
If your business is recovering from a cyber attack, one of the first things you will likely do is look to upgrade your security and technology systems. While this is an excellent first step, it is important to know that most policies will not cover the cost of improving your systems.
Social Engineering Attacks
It’s also important to note that social engineering attacks can be considered a special case. Social engineering refers to attacks that rely on psychological manipulation to gain access to sensitive information or funds. A victim following instructions from fraudulent emails or calls is not considered a computer system breach. Therefore, a special social engineering extension needs to be added to the cyber insurance policy.
Other Limitations and Reasons Your Claim Could Be Rejected
- Company Knew that Systems Were Vulnerable Prior to Attack: The policy will not respond if you are sued for any potential vulnerabilities in your systems before a breach occurs.
- No Reimbursement for Future Profits: Cyber insurance policies will typically not reimburse you for future profits lost due to a cyberattack or data breach.
- Potential Acts of War: If an agent of a foreign power causes the breach, the coverage can be denied under the acts of war exclusion.
DOES CYBER INSURANCE HAVE A DEDUCTIBLE?
Like most coverages, cyber liability insurance does have a deductible. You can select the amount of your deductible when securing the coverage. A deductible is a fixed amount of money you’ll have to pay before your coverage kicks in and starts paying. It is applied each time your cyber insurance policy covers a loss. If you go for a higher deductible, you’ll be able to secure lower premiums.
WHAT DOES CYBER INSURANCE COST?
It’s best to shop for this type of insurance by coverage as opposed to cost. The two biggest factors in determining premium costs are your company’s sophistication and ability to avoid an incident, and your coverage limit. Revenue and the number of unique PII or PHI records stored or maintained on the insured’s systems also factor in.
WHY GET IT WITH BLUEZONE?
Easy
We’ve made it easier than ever before to secure cyber liability and data breach insurance.
Affordable
As an independent broker, we shop industry-leading carriers to find the best combination of price and coverage for your industry.
Experience
Our knowledge of insurance and cybersecurity makes the process of applying, underwriting, and obtaining insurance a much easier lift.
Speed
Our clients appreciate our responsiveness and communication.
WHAT OUR CUSTOMERS SAY
Jay is an absolute professional, knows his stuff and treats people really well. He and BlueZone have a great solution for small business owners and with my experience working with him, he's someone you can trust to do a great job and back up what he says.
David Szwedo
GarageUp
CYBER SERVICES
We help you mitigate exposures and reduce risk before, during, and after a cyber incident happens.
No matter how well insured you are, it’s better to prevent disruptive and undesirable cyber incidents before they happen. BlueZone is your trusted advisor. We offer services that can assist with incident response preparation, staying ahead of software vulnerability exploits, and improving your front-line defenses, and that can potentially help prevent malicious activity from entering and spreading in your network.
Review and Compare: BlueZone, Your One-Stop Shop for Top A-Rated Carriers
Chubb has handled cyber claims for more than two decades and is a leader in insuring cyber risk. Combining industry-leading underwriting with expert loss mitigation and third-party incident response services, we offer policies that are tailored to the specific needs and risks of our clients to ensure you are ready with the tools and expertise necessary should a cyber incident occur. As part of the claims process, we track key metrics such as actions causing a cyber loss, whether a cyber incident was caused by an internal or external actor, the number of impacted records, and more. We analyze these metrics along with public trend data and policy data to help us continuously improve our business, provide insight to our policyholders, and help reduce exposures to future losses.
Chubb Cyber Index
The Chubb Cyber Index provides real-time access to proprietary data, giving you insight into current cyber threats and how you can protect your company against them.
STRUGGLING TO QUALIFY FOR CYBER INSURANCE?
Insurance carriers are cracking down due to the number of claims and insureds not actually having the required security controls in place that they claimed and guaranteed when purchasing a policy. They made mistakes in the early years, and now they are denying many businesses due to their lack of security protocols. BlueZone Cyber and Insurance is your certified advisor and can help in both areas! Our security bundles are designed for small and medium-sized businesses and automatically qualify you for a cyber insurance policy -- two birds, one stone. We also offer custom orders for companies of all sizes that already have some security in place but need to fill gaps to meet requirements and ensure they are secure and insured.
Problem: Cyber applications are too technical to fill out.
BlueZone Solution: Let the BlueZone team fill out the application on your behalf! We know these applications backwards and forwards.
Problem: Carriers are denying customers because they don't have security controls in place.
BlueZone Solution: Purchase a BlueZone security bundle and you're automatically qualified for a policy! We know what carriers are looking for, and how to make sure your company has it.
Problem: Exclusions. Carriers are denying a lot of claims.
BlueZone Solution: If you fill out the application incorrectly, you're likely to have your claim denied. Let the BlueZone team make sure your claims get paid out!