Due to the lack of actuarial data, it’s been difficult to price cyber liability insurance. This is one reason insurers depend so much on evaluating each insured according to its risk management procedures and risk culture. As a result, cyber risk coverages are more customized and, therefore, can be more costly, depending on the vulnerabilities of the system and the environment.
The type and cost of cyber liability coverage offered by insurers is based on the type of business, its size and geographical scope, the number of customers it serves, its web presence, the type of data it collects and stores and other factors, including its risk management and disaster response plan. Cyber liability policies might include one or more of the following types of coverage, according to the National Association of Insurance Commissioners:
- Liability for security or privacy breaches. This would include loss of confidential information by allowing, or failing to prevent, unauthorized access to computer systems.
- The costs associated with a privacy breach, such as consumer notification, customer support and costs of providing credit monitoring services to affected consumers.
- The costs associated with restoring, updating or replacing business assets stored electronically.
- Business interruption and extra expense related to a security or privacy breach.
- Liability associated with libel, slander, copyright infringement, product disparagement or reputational damage to others when the allegations involve a business website, social media or print media.
- Expenses related to cyber extortion or cyber terrorism.