Recovering From a Cyber Attack Can Be Costly.
Cyber insurance is one option that can help protect your business against losses resulting from a cyber attack. If you’re thinking about cyber insurance, discuss with your insurance agent what policy would best ﬁt your company’s needs, including whether you should go with ﬁrst-party coverage, third-party coverage, or both. Here are some general tips to consider.
What Should Your Cyber Insurance Policy Cover?
Make sure your policy includes coverage for:
Data breaches (like incidents involving theft of personal information)
Cyber attacks on your data held by vendors and other third parties
Cyber attacks (like breaches of your network)
Cyber attacks that occur anywhere in the world (not only in the United States)
Also, consider whether your cyber insurance provider will:
Defend you in a lawsuit or regulatory investigation (look for “duty to defend” wording)
Provide coverage in excess of any other applicable insurance you have
Oﬀer a breach hotline that’s available every day of the year at all times
What is First-Party Coverage and What Should You Look For?
First-party cyber coverage protects your data, including employee and customer information. This coverage typically includes your business’s costs related to:
Legal counsel to determine your notiﬁcation and regulatory obligations
Recovery and replacement of lost or stolen data
Customer notiﬁcation and call center services
Lost income due to business interruption
Crisis management and public relations
Cyber extortion and fraud
Forensic services to investigate the breach
Fees, ﬁnes, and penalties related to the cyber incident
What is Third-Party Coverage and What Should You Look For?
Third-party cyber coverage generally protects you from liability if a third party brings claims against you. This coverage typically includes:
Payments to consumers aﬀected by the breach
Claims and settlement expenses relating to disputes or lawsuits
Losses related to defamation and copyright or trademark infringement
Costs for litigation and responding to regulatory inquiries
Other settlements, damages, and judgments
More insurance resources for small businesses available at www.insureuonline.org/smallbusiness
The FTC thanks the National Association of Insurance Commissioners (NAIC) for its role in developing this content.