What is cyber insurance and data breach insurance?

October 28, 2020

Learn everything you need to know about cyber insurance and data breach insurance


A group of business owners experiencing a data breach 
If you own a business, whether it's small, medium, or large, you do whatever you can to protect it. You have insurance to protect your property, your vehicles, your employees, and your computer equipment - but what about the data inside? The more we rely on computers and the internet to help us run our businesses, the more we are risk of having that data compromised. 

Fortunately, there are insurance policies for that, too. However, like most insurance policies, there is a lot to know and you're likely to have plenty of questions. So what is cyber insurance and data breach insurance and how do they work? Read on as we discuss these policies and why your business may need them!

What is cyber insurance?


What does your business do? Maybe you own a corner cafe, serving coffee and tasty dishes to the neighborhood. Or perhaps you have a big distribution company that delivers food to such a place. Or maybe you run the IT company that helps connect these businesses to the internet. 

No matter what your company does, every year more and more businesses rely on the internet in some way shape or form. Of course, this means that criminals and hackers have more opportunities to run amok. 

Business insurance can help you protect your company's property and inventory in the event that someone breaks into it and steals something. Cyber insurance is designed to protect your company from cyberattacks and data-related claims of liability. Whether it is a direct attack from a hacker or a virus, it's important to protect your data and computer systems just as you would your brick and mortar storefront. 

You may have heard the terms "cyber liability insurance," often shortened to "cyber insurance," and "data breach insurance" before, and sometimes they are used interchangeably. However, depending on the insurance provider, these may actually refer to different types of coverages. Both provide insurance in the event of a cyberattack, but the specifics may vary. 

For the purpose of this blog, we'll treat cyber liability insurance and data breach protection insurance as two separate types of policies and discuss what they each may look like. 

What does cyber insurance cover?


Cyber insurance, is meant to provide protection for a number of scenarios following an event which may compromise sensitive customer data, like a cyberattack, and is generally thought to be a more comprehensive policy than data breach insurance. The features are usually divided into two separate categories: First-party coverage and third-party coverage. 

First-party coverage


The first-party portion of a cyber or cyber liability policy covers losses your business suffers as a result of something like a network breach. This could be the cost of repairing corrupted or damaged equipment, like computers or hard drives. 

However, when you are the victim of a cyberattack, it often requires a lot of investigation, not only to locate the source of the attack, but to identify the extent of the damage and any network security weaknesses. First-party coverage often covers investigation costs, lost revenue, and business interruption.

Furthermore, depending on your state's laws, you may be required to notify your customers of such an attack, and that can be costly. That's why this portion of the policy can also cover notification costs and even credit monitoring for those whose data has been compromised. 

Lastly, cyber liability insurance may cover the cost of restoring a company's public image. As you can imagine, a major data breach can cause negative media attention and may require hiring a public relations firm to assist.  

Third-party coverage


If your business experiences a cyberattack, it is rare that your business is the only one that suffers; customers and business partners often experience damages as a result, which are known as third-party losses. 

Hackers and cybercriminals can do a great deal of damage with the sensitive customer information they steal, which can often lead to a lawsuit. That's why third-party coverages include things like legal fees, settlement costs, attorney fees, and even potential regulatory fines. 

This is also an important part of coverage if you have company that manages or is otherwise responsible for the security of another business or client. For example, if you run an IT management company that sets up networks for your clients, you may be held liable if there is a security breach. Again, in such a scenario, it's important to have protection from potential lawsuits. 

What does data breach insurance cover?


In general, data breach insurance covers the same types of losses outlined in the first-party coverages found in a cyber liability policy. In other words, it covers data breach losses that pertain to your business, but won't likely cover lawsuits.

Data breach insurance typically helps with the following things:
  • Covers the cost of notifying customers of a data breach.
  • Credit monitoring for affected customers
  • Recovering data and investigating the causes
  • Business interruption and lost revenue
  • Reputation management

Does my business need cyber insurance? 


When assessing whether or not your business needs cyber insurance of some kind, there are a number of key points to consider and questions to ask yourself. 

What sorts of businesses need cyber insurance?


For starters, let's discuss what types of businesses need cyber insurance. Of course, there are plenty of businesses that very clearly need some form of cyber insurance, like IT management services, online retail companies, and so on. For such companies, having this type of coverage for their business is a given. Not only do they need to protect their businesses in the event of a cyberattack, they may need to have liability protection in the event that their client's experience a breach. 

However, these days, most companies, big or small, rely on some form of technology that interfaces with the internet. Even if you run a more traditional business with a storefront, like a restaurant, clothing store, or an auto body shop, you very well may have a need for cyber and data breach insurance. 

With that in mind, the question may not just be if you need cyber insurance, but how much. Of course, you'll need to speak with your insurance agent to help you evaluate exactly how much and what type of coverages your specific business needs. 

Texas data breach notification law


Another consideration that you must take revolves around the type of customer data your company stores and manages. For example, while a law firm may not necessarily rely heavily on technology, they often have incredibly sensitive data about their clients. In addition to regulations about how that data is stored, there may be regulations that dictate what your business must do in the event of a data breach or cyberattack. 

Ask yourself this: Do you collect, store, send, receive, or otherwise use personally identifiable information (PHI) or protected health information (PHI)? If so, then it's important to be aware of the law and what notifications it requires in the event that a customer's data is compromised. 

As with many laws, these rules and regulations can vary from state to state. Recently, Texas has put laws in place that require some businesses to report data loss, theft, or breach that impacts 250 or more Texans. As mentioned previously, notifying your customers can be an expensive process, which is great reason to have cyber liability and data breach insurance coverage. 

Do other insurance policies offer coverage for cyberattacks and data breaches?


If you've been running your own business for any length of time, then you may have looked at a number of different types of coverages, and you may even have several policies to protect you from different scenarios. Of course, these policies have specific limits and coverages of their own, and those often do not include cyber-related losses.

Does my business owners policy include cyber liability or data breach insurance?


Most of the time, cyber and data breach insurance coverages do not come standard with a business owners policy (BoP). Some insurance providers may offer additional cyber endorsements to your BoP, but it's important to understand exactly what that covers - not all cyber endorsements provide the same protection as a standalone cyber liability policy. Of course, this greatly depends on the insurance provider you have. 

A BoP will likely provide coverage for property you use for your business operations, such as computers, laptops, servers, and so on, but the data housed within is not likely to be included, nor will you be protected from any liability that results from the loss of customer data. 

Does a general liability policy cover cyber liability and data breach?


Depending on your business needs, you may have a separate general liability policy. These types of policies can be important for protecting you in the event that you, an employee, or the work you do causes damage or bodily injury to a client or customer. 

While the concept of cyber liability insurance is very similar, they cover very different things. Cyber liability will protect your business from lawsuits that result in lost, stolen, or compromised data and computer systems for which you are liable - many general liability policies will not.

Does your homeowners insurance cover cyberattacks and data breaches for your home business?


If you run a business from your home, it's important to understand what your homeowners insurance policy does and does not cover

While your homeowners insurance policy may cover a small amount of electronic equipment used for your home business, it will not cover damage done as a result of a data breach or cyberattack. 

How much does cyber insurance cost? 


Just like other forms of insurance, cyber insurance rates are determined by a variety of factors. Your network security, security measures, security history, and claims history may all play a role in your rate. 

Of course, your premium will depend on the amount of coverage your business needs. If you're a small business that doesn't regularly deal with sensitive customer data, you may not need much. However, if your business is responsible for handling such data for a large number of customers, or if your business protects other companies that handle such data (like an IT company), you may need more. 

As the business world adapts and grows into the digital world, we all must adapt in order to protect our hard work. With every new frontier we venture into, there are sure to be new dangers and risks.

Whether your business is knee deep in the world of technology and data or your brick and mortar storefront only occasionally uses technology, take some time to consider potential gaps in your existing business insurance coverage. If you are uncertain as to whether or not your business needs cyber liability or data breach insurance, or if your unsure how much coverage you need, reach out to your local insurance agent.

A business owner researching cyber insurance and data breach insurance

Since 1896, Germania Insurance has been the Insurance Texans Trust for great coverage and outstanding customer service. But don’t take our word for it! Hear what our customers have to say

For more information about our insurance products, request a free quote online, or reach out to one of our trusted agents today!


Read more: Running a business takes a lot of work! Check out our blog to learn more about insuring a business.

by Geoff Ullrich

About the Author

Geoff Ullrich is a writer and Content Marketing Specialist at Germania Insurance.