US health insurance provider Anthem has a $100-million Cyber Liability Insurance policy, but with 80 million people affected by the breach, that limit might not be enough to notify every customer, investigate the attack, and pay for other breach expenses.
As ZDnet reports, this breach could be one of the most expensive in history and it raises concerns among IT risk managers about whether their Cyber Insurance is sufficient.
Anthem's situation can be a useful example that will help us answer a few basic questions about IT insurance:
- What does Cyber Liability Insurance cover?
- Do IT consultants and contractors need Cyber Liability Insurance?
- Do you have enough IT insurance to cover the cost of a data breach?
What Does Cyber Liability Insurance Cover?
While risk managers have long been recommending Cyber Liability Insurance, it hasn't been until recently that businesses have seen why. After a spree of data breaches, everyone in the industry is talking about cyber security.
Cyber Liability Insurance covers a business's cost to respond to, investigate, and limit the damage of a data breach. Typical coverage pays for:
- Notifying customers affected by the breach.
- PR and crisis management.
- Call centers to handle questions from concerned customers.
- Forensic investigations of the breach.
- Credit monitoring for affected customers.
These are the costs your clients incur directly after a breach. And they add up quickly. The Ponemon Institute estimates that the average cost of a data breaches is $195 per lost record. So even if your clients only have a few thousand customer records, a data breach could cost hundreds of thousands of dollars.
Do IT Consultants and Contractors Need Cyber Liability Insurance?
Most IT contractors don't need Cyber Liability Insurance. Why? Cyber Insurance covers the cost of data breaches that occur on your own network, which means that this policy usually makes more sense for an IT contractor's clients. If you don't store a lot of customer data on your computers, you probably won't need it.
You can get insurance that covers your liability when a client is hacked. IT contractor Errors and Omissions Insurance pays for lawsuits when clients sue you, so data breach lawsuits will be covered under a standard Professional Liability policy.
However, there are some cases when IT professionals may also need Cyber Liability Insurance. If your IT firm provides a web hosting service, big data analytics, or other services that involve lots of protected data, a Cyber Liability Insurance might be crucial.
How Much Is Enough IT Insurance to Cover the Cost of a Data Breach?
As we mentioned above, data breaches can cost around $195 per stolen record. That would put Anthem's data breach well above the company's $100 million insurance limit.
If you or your clients had a policy for $1 million in Cyber Liability coverage, you'd be covered for a data breach that involved approximately 5,000 lost records. While a $1 million policy seems like a lot, in reality, the costs will add up quickly.
Making Sure Your Clients Have Cyber Insurance Is Good for Your Business
The reason this all matters for IT contractors is simple: if your clients have Cyber Insurance, they'll have coverage for their losses and will be less likely to sue you.
While your Errors and Omissions Insurance covers data breach lawsuits, you'd rather avoid the lawsuit altogether. Ensure your clients have a risk management plan that takes into consideration the cost of a data breach.
