Don't Risk IT
Cyber Liability Insurance: E&O Insurance’s Secret Weapon

Cyber Liability Insurance: E&O Insurance’s Secret Weapon

Monday, November 27, 2017/Categories: cyber-liability

Cyber attacks can trigger a financial catastrophe for small businesses and IT professionals, not to mention a slew of bad publicity. Fortunately, IT business owners of any size can implement safeguards and protect their business with Cyber Liability Insurance coverage found in many Errors & Omissions Insurance policies.

High-profile data breaches have made headlines this year, but smaller organizations are not immune to the problem. Earlier this year, Anthem Inc. agreed to a $115 million settlement over a data breach that compromised the data of more than 78 million people. According to Bloomberg, that's the largest data-breach settlement in history. (Related reading: "3 Takeaways from the Anthem Data Breach.")

Equifax could potentially face an even larger settlement if the company is sued over its hack that affected 143 million people. Equifax executives admitted to discovering the data breach in July, but didn't announce it until September, according to NBC News. Not a good look.

What Is Cyber Liability Insurance?

Before we explore how Cyber Liability Insurance can help protect IT professionals and business owners after a data breach, let's first take a look at how it works. The first thing you need to know is that there are two types of Cyber Liability policies:

  • First-party protects a business owner if their own system is hacked.
  • Third-party offers coverage if someone else, such as a client, is hacked because of your software or services.

First-party coverage is typically sold as a standalone policy that covers data breach recovery costs. Third-party Cyber Liability Insurance is often included in IT E&O Insurance and it can help cover data breach lawsuit costs.

"It is important, especially in this increasingly regulated era, for IT professionals to include cyber coverage in the full scope of all of their insurance policies for several reasons," says Shari Claire Lewis, a partner at the law firm Rivkin Radler. "For one, the activities of the cyber professional may actually be the source of a data breach ... or their services could allow another party to exploit a vulnerability."

In other words, if your work contributed to the breach (or failed to prevent it), you could find yourself in court. The more responsibility you have to keep your client's data safe, the higher your lawsuit risk may be.

"An IT consultant retained to review a client's network security, find weaknesses, and implement upgrades and new procedures faces different risks than the IT consultant who designs a website or performs backups of client files," says Jason Balogh, a partner at law firm Hickey Smith LLP. "If a court finds that a client's system was vulnerable because an IT professional was negligent in the services they provided, it is likely that the customer would look to the IT professional to recompense them for the losses they sustained as a result of a breach."

When Do I Need Third-Party Cyber Liability Insurance?

When your job is to protect client data, you probably need this policy. If your clients get hacked, they could potentially accuse you of not providing enough protection and failure to deliver services.

"If the client suffers a data breach, then the IT consultant can reasonably expect to be sued for negligence in the provision of professional services," says Balogh. "In this case, Errors and Omissions Insurance could insulate and protect the IT consultant."

Fortunately, if you are sued, your Cyber Liability coverage can help by covering your legal defense and settlement or judgment fees. (Related reading: "How to Help Your Clients (and Protect Yourself) after a Cyberattack.")

When Do I Need First-Party Cyber Insurance?

You should consider a standalone first-party cyber insurance policy if you store your own sensitive information on your computer systems. It can help pay for data breach recovery expenses, such as:

  • Customer notification.
  • Security incident investigations.
  • Crisis management.
  • Money to pay ransomware demands.

"To the extent that IT professionals are holding employee information, if they are providing healthcare coverage to their employees and their families, if they're allowing people to pay through credit cards into their system, they are handling data that they need to protect," says Lewis. "They're not different from other businesses in that regard."

Balogh points out that IT consultants may also store valuable information about clients on their systems.

"An IT consultant likely has highly sensitive information, including system backups, personally identifiable information, and login and password details for its clients," says Balogh.

How TechInsurance Can Help

TechInsurance is the leading online agent in the US for IT freelancers, small businesses, and independent contractors. Since 1997, we have helped more than 100,000 IT professionals find the insurance coverage they need, including Cyber Liability coverage.

If you need a Cyber Liability policy, just fill out our hassle-free online application and receive competitive rates from multiple insurers. If you have any questions along the way just give us a call and you will be connected to one of our Cyber Liability Insurance experts. 

About the Contributors

As a partner with the law firm Hickey Smith LLP, Jason Balogh focuses on professional liability defense (including IT professionals), cybersecurity, employment law, and insurance coverage. For over a decade, Jason has been litigating high stakes cases in federal and state courts. Jason practices out of Hickey Smith's San Francisco and Pasadena offices.



Shari Claire Lewis is a partner at law firm Rivkin Radler (@RivkinRadler). She has focused her practice on the intersection of law and technology, often advising and representing clients on the 21st century technology challenges they face. With extensive experience in technology law, Shari represents entities at the cutting-edge of computer science and telecommunications, including: Internet registrars, software designers, internet-based businesses, and computer service providers.

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews


The Small Business Insurance Leader