Federal Contracts may require you to buy Cyber Liability, but what are you buying?
The plain fact is most business owners who buy Cyber Liability coverage do it for contract compliance, but they really don’t know what they are buying. To make matters worse, no two coverage forms are alike, and they are not structured the same way. Consequently, there are vast difference between policies, the coverage offered and the pricing. For many contracts, you are required to buy the coverage. It only makes sense to understand what the policy will and won’t cover. The following is a brief look at the key exposures to losses and their impact:
Cyber (Third Party) Liability
- In the event that the work you performed becomes a conduit for a breach, you can be held responsible for the financial consequences. For example, did the breach shut down a government agency? Did it lead to a breach of classified information? Did it lead to a breach of Personally Identifiable Information or Protected Health information?
Potentially, there are financial consequences to your firm in any of those scenarios. Specific concerns include the definition of the type of event that triggers the coverage, the amount of your deductible and the limits of insurance that you purchased.
Cyber First Party Coverage
- This is the area that is often left uncovered – and it can be damaging from a cost perspective. First Party addresses those costs that you directly incur from a data breach including the hijacking of a system. It addresses (1) the forensic costs to diagnose the problem, (2) the cost of the fix and (3) notification to all of the parties that have had their data breached. Many states require that the notification also includes credit monitoring – yet another expensive cost related to the breach.
There is one more area that may be the most critical to address – Business Interruption. Depending on the extent of the breach, the resulting shutdown can be costly to your client, and in turn, to you. What we find shocking is how few clients have been given the option to have this coverage included in their Cyber policy. EC&S believes this coverage is usually a necessity.
We have only pointed out a few of the critical exposures that need to be addressed in the policy that you are buying or intend to buy. EC&S can help navigate the differences between what you are buying, what you thought you were buying and what you want to buy.