1. Home
  2. Knowledge Hub
  3. Cyber insurance helps protect against a brave new world of risk

Cyber insurance helps protect against a brave new world of risk

September 10, 2019

Companies of all sizes are vulnerable to today’s growing cyber risks. Dedicated cyber insurance may protect companies against risks other policies can’t cover.

Head of Professional Liability and Cyber

Michelle Chia is the Head of Professional Liability and Cyber for Zurich North America, a position... About this expert

man and woman looking at laptop

Cyber attacks are increasingly being recognized by CEOs and corporate boards as one of the most significant strategic risks their businesses face. According to the 2019 EY CEO Imperative Study, 51% of CEOs now rank cybersecurity as the leading global challenge threatening business growth over the next 5-10 years. The Ponemon Institute’s 2019 Cost of a Data Breach Report notes that the average total cost of a U.S. data breach is now $8.19 million. That’s up from $3.54 million in 2006, a 130% increase.

While proactive steps to strengthen cyber security are more critical than ever, in the current environment no actions can guarantee invulnerability. And if an organization or municipality is hit, the costs of remediation and repair can balloon quickly. That’s where the value of cyber risk insurance for today’s organizations is coming into play.

Global broker Marsh reports that the number of clients purchasing cyber insurance has doubled over the past five years, with nearly 40% of customers now purchasing standalone policies. Marsh notes that cyber insurance “is a reliable, cost-effective way to transfer the risks companies face from the increasing use of data technology in business operations.”

But while a growing number of clients are opting for standalone cyber insurance policies, many others have yet to do so. In some cases, clients may have bundled robust cyber coverages within their traditional errors & omissions (E&O) insurance, but many others are simply going without. In part, some decision makers may remain skeptical about the need for standalone cyber policies based on a misreading of the degree of risk their organizations face, or a belief that current security measures are adequate. But, cyber risks are changing by the day, and a security protocol effective in 2018 may be seriously vulnerable in 2019.

Additionally, some customers still believe that property and crime policies will respond to evolving cyber threats. But traditional insurance products did not anticipate the highly fluid and transformative risks today’s cyber criminals represent. A standard property policy may do an excellent job insuring against fire and other physical perils, but may not respond to cyber exposures.

Modern, dedicated cyber insurance policies provide a laser focus on technology-related risks. As a class, they offer broad and targeted protections that other policies simply do not. Among the coverages most cyber insurance policies include are:

  • Privacy liability defense costs and damages relating to privacy breaches or for failure to disclose those breaches
  • Event management expenses, including notifications and investigations of breaches, costs related to call centers and legal and forensic services
  • Network security liability for failure of your security protocols to prevent a breach impacting customers and other users
  • Regulatory expenses, such as local, state, federal or regional privacy directives
  • Cyber extortion coverage, including payment of ransoms and investigative expenses
  • Business interruption coverage to replace revenue lost due to an attack on a network, including contingent business interruption coverage when an external cyber event affects supply chains and extra expense coverage for added costs during the restoration period to help a company recover more quickly
  • Information and data asset protection for the costs to recover and restore vital information
  • Media liability for suits related to online slander, disparagement or copyright infringement

Some cyber insurance products also include professional network risk assessments and monitoring services. The goal is to identify and remediate intrusions that may already have occurred and to provide ongoing oversight to help prevent infection by the many new malware variants arising every quarter. For instance, Zurich’s Cyber Insurance Policy includes services automatically provided by an external cyber security firm with broad experience serving both the federal government and private industry.

Cyber risk insurance makes sense for any business, from Wall Street to Main Street and all in-between. Once again, the essential value of this product is that it is specifically designed to respond to the needs of businesses faced with a new and continuously evolving risk that is changing, and growing, by the day.


Learn more about the
Zurich Cyber Insurance Policy and what it is designed to cover.

The information in this publication was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute advice (particularly not legal advice). Accordingly, persons requiring advice should consult independent advisors when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. We undertake no obligation to publicly update or revise any of this information, whether to reflect new information, future developments, events or circumstances or otherwise. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy. Cyber coverage is available according to the specific terms and conditions of the policy issued and, of course, each claim must be evaluated according to its specific circumstances of loss.

Comments with LinkedIn

You are logged in as (Logout)

Input is not correct!

0/180