What is cyber liability insurance?

Protecting your physical locations is a required aspect of insuring businesses against risk. All businesses take steps to ensure their locations remain protected against physical damage and resulting liabilities. However, traditional insurance policies weren’t designed with cyber risks in mind. 

General Liability (GL) insurance protects business owners from third-party claims of injury, property damage, and negligence related to their business activities. The confusion associated with General Liability coverage for cyber incidents centers around the resulting third-party property damage coverage provided in GL policies. Unfortunately, in the world of GL insurance, property only encompasses tangible property and not your digital assets. Nor do GL policies.

For IT providers and consultants, GL policies do often include an endorsement titled "Digital Data Protection Endorsement." Where this endorsement is present, the GL policy will cover the loss of data, but only for situations where third-party data is lost due to property damage.

When potential cyber events and losses are not explicitly covered or outright excluded by traditional policies, this may be called silent cyber or non-affirmative cyber. Due to the confusion regarding what is covered by a traditional policy vs. a cyber insurance policy, policyholders risk having unexpected coverage gaps.

Cyber insurance is a type of insurance that provides coverage for the various loss exposures companies face (both first-party and liability to third parties) that result from a cyber incident. For example, as a result of cyber incidents, businesses may face financial losses due to the costs associated with remediation or lost income if the incident renders their equipment and services completely inoperable.

Coverage provided by cyber insurance policies includes first-party coverage against losses such as data destruction, cyber extortion, theft, hacking, ransomware, denial of service attacks, or even systems failure events that cause business interruption losses. Cyber insurance policies often include third-party coverage (also called third-party liability) indemnifying companies for damages suffered by other entities as a result of their purported negligence or failures. Examples of third-party liability losses include failure to safeguard data, multimedia wrongful acts such as defamation, and regulatory fines and penalties. 

Often, a cyber incident can expose customer information, including sensitive information such as credit card data, social security numbers, or medical data. Some cyber liability insurance policies will include notification and credit monitoring services as well as to help businesses report the incident to the appropriate regulators. 

Cyber insurance varies widely in what's included. Some policies cover only specific types of cyber events, such as data breaches, where an organization loses its employee and/or customer data to a threat actor. Many carriers have pulled back on covering ransomware attacks, a specific type of cyber attack wherein an organization's data is held hostage. Some cyber insurance policies offer preventative services such as technology scans and monitoring, while others do not.

The immediate benefits of cyber insurance include breach response costs, indemnifying businesses for immediate out-of-pocket expenses incurred to investigate and remediate a cyber incident. These costs include legal fees and expertise, forensics investigation, notification, and public relations or extra expenses associated with restoring businesses back to operations.

Two components go into pricing: actuarial science and underwriting. Each views exposure through a different lens. 

An actuary produces rating plans based on big picture items — the insured's industry, revenue, company size, and more — that help the insurer predict risk. Because cyber attacks can have a tremendous domino effect, actuarial factors must include the business' technology stack, including their operating systems, hardware, software, and internal controls.

Coalition determines each business' risk using our proprietary data platform that evaluates a company’s externally facing exposures while monitoring current and emerging cyber threats. By adopting the perspective of threat actors and viewing business exposures through the lens of their vulnerabilities, this results in a more accurate depiction of their risk, which we incorporate into pricing. Our scanning tools provide early indicators of exploitable cyber targets which then help inform the underwriting process. Technology is a dynamic risk, and by gathering threat intelligence data through constant scans of the internet, we can price our policies appropriately.

Coalition's data-driven underwriting process utilizes proprietary algorithms and thousands of data points in our Active Risk Platform to analyze a company's risk posture. This information, combined with a simple online application, enables Coalition to determine coverage eligibility, quoted premium rates, and minimum self-insured retentions (SIR) based upon the coverages selected. 

The entire application and underwriting process can be completed, in most cases, within four minutes for small and medium-sized businesses. However, in some circumstances, a quote may require further review. When this happens, we aim to complete our review within a few business days of application completion (subject to the availability of any additional information requested). At this point, the policy may be bound.

Our underwriters look at the severity of exposure from vulnerabilities outside the scope of technology-based rating factors. Examples of technology-based underwriting decisions include:

• A single domain allows quick identification of any relevant associated domains and IPs.

• Comprehensive scanning of the public web includes thousands of ports and up to billions of relevant IP addresses and multiple threat vectors.

• Integration of organizational data including financial, HR, M&A, regulatory, and compliance helps to build a complete risk profile.

• Proprietary incident response and claims data allows proactive identification of risks that result in claims.

• Leveraging insight from data and emerging threats with applied artificial intelligence, data science, and machine learning.

Cyber risk evolves quickly, with new threats constantly emerging. Traditional insurance providers, which have historically accepted the transference of known and predictable risks, lack the visibility and tools to keep up with these new, fast-paced digital risks. Coalition's insurance model uses technology and data-driven underwriting to assess organizations' risks in real-time and give them the tools to mitigate and address them. We call this Active Insurance: the first insurance product designed to prevent risk before it strikes. Active insurance relies on three simple but critical pillars: 

Active Risk Assessment: Our proprietary data platform correlates claims, incidents, public, and scan data to create a near real-time snapshot of an organization's digital risks. This identifies potential issues from the start—an insight that most organizations could never get from their insurer.

Active Protection: Continuous scanning and monitoring of digital assets and other risk factors associated with cyber and executive risks, including personalized alerts for critical issues, so brokers and policyholders are made aware when risks change.

Active Response: Support and guidance from an in-house team of experts who can respond to incidents as they occur to address threats, reduce exposure, and get companies back up and running quickly when incidents strike.