Cyber attacks can trigger a financial catastrophe for small businesses and IT professionals, not to mention a
slew of bad publicity. Fortunately, IT
business owners of any size can implement safeguards and protect their business with Cyber Liability
Insurance coverage found in many Errors & Omissions Insurance policies.
High-profile data breaches have made headlines this year, but smaller organizations are not immune to the problem. Earlier this year, Anthem
Inc. agreed to a $115 million settlement over a data breach that compromised the data of more than 78 million people. According
to Bloomberg, that's the largest data-breach settlement in history. (Related reading: "3 Takeaways from the Anthem Data Breach.")
Equifax could potentially face an even larger settlement if the company is sued over its hack that affected 143 million people. Equifax
executives admitted to discovering the data breach in July, but didn't announce it until September, according to
NBC News. Not a good look.
What Is Cyber Liability Insurance?
Before we explore how Cyber Liability Insurance can help protect IT professionals and business owners after a data breach, let's first take a
look at how it works. The first thing you need to know is that there are two types of Cyber Liability policies:
- First-party protects a business owner if their own system is hacked.
- Third-party offers coverage if someone else, such as a client, is hacked because of your software or services.
First-party coverage is typically sold as a standalone policy that covers data breach recovery costs. Third-party Cyber Liability Insurance is
often included in IT E&O Insurance and it can help cover data breach lawsuit costs.
"It is important, especially in this increasingly regulated era, for IT professionals to include cyber coverage in the full scope of all of
their insurance policies for several reasons," says
Shari Claire Lewis, a
partner at the law firm
(@RivkinRadler). "For one, the activities of the cyber professional may
actually be the source of a data breach ... or their services could allow another party to exploit vulnerability."
In other words, if your work contributed to the breach (or failed to prevent it), you could find yourself in court.
The more responsibility you have to keep your client's data safe, the higher your lawsuit risk may be.
"An IT consultant retained to review a client's network security, find weaknesses, and implement upgrades and new procedures faces different
risks than the IT consultant who designs a website or performs backups of client files," says
Jason Balogh, a
partner at law firm
Hickey Smith LLP.
"If a court finds that a client's system was vulnerable because an IT professional was negligent in the services they provided, it is
likely that the customer would look to the IT professional to recompense them for the losses they sustained as a result of a breach."
When Do I Need Third-Party Cyber Liability Insurance?
When your job is to protect client data, you probably need this policy. If your clients get hacked, they could potentially accuse you of not
providing enough protection and failure to deliver services.
"If the client suffers a data breach, then the IT consultant can reasonably expect to be sued for negligence in the provision of professional
services," says Balogh. "In this case, Errors and Omissions Insurance could insulate and protect the IT consultant."
Fortunately, if you are sued, your Cyber Liability coverage can help by covering your legal defense and settlement or judgment fees. (Related
reading: "How to Help Your Clients (and
Protect Yourself) after a Cyberattack.")
When Do I Need First-Party Cyber Insurance?
You should consider a standalone first-party cyber insurance policy if you store your own sensitive information on your computer systems. It
can help pay for data breach recovery expenses, such as:
- Customer notification
- Security incident investigations
- Crisis management
- Money to pay ransomware demands
"To the extent that IT professionals are holding employee information, if they are providing healthcare coverage to their employees and their
families, if they're allowing people to pay through credit cards into their system, they are handling data that they need to protect," says
Lewis. "They're not different from other businesses in that regard."
Balogh points out that IT consultants may also store valuable information about clients on their systems.
"An IT consultant likely has highly sensitive information, including system backups, personally identifiable information, and login and
password details for its clients," says Balogh.
How TechInsurance Can Help
TechInsurance is the leading online agent in the US for IT freelancers, small businesses, and independent contractors. Since 1997, we have
helped more than 100,000 IT professionals find the insurance coverage they need, including Cyber Liability coverage.
If you need a Cyber Liability policy, just fill out our hassle-free online application
and receive competitive rates from multiple insurers. If you have any questions along the way just give us a call and you will be connected to
one of our Cyber Liability Insurance experts.
About the Contributors
As a partner with the law firm Hickey Smith LLP
, Jason Balogh
focuses on professional
liability defense (including IT professionals), cybersecurity, employment law, and insurance coverage. For over a decade, Jason has been litigating high stakes cases
in federal and state courts. Jason practices out of Hickey Smith's San Francisco and Pasadena offices.
Shari Claire Lewis
is a partner at law firm Rivkin Radler
. She has focused her practice
on the intersection of law and technology, often advising and representing clients on the 21st
century technology challenges they face. With extensive
experience in technology law, Shari represents entities at the cutting-edge of computer science and telecommunications, including: Internet registrars, software
designers, internet-based businesses, and computer service providers.