Professional Liability Coverage and Cybersecurity Insurance

Cybersecurity insurance is a growing market. Increased demand for protection is in part responsible for this growth, but insurers are also beginning to exclude cybersecurity coverage in professional liability and other traditional business policies. To avoid gaps in coverage, businesses must understand what they are getting when purchasing professional liability coverage and cybersecurity insurance.

What Businesses Should Know about Professional Liability Coverage and Cybersecurity Insurance?

Inadequate insurance coverage can result in devastating losses in the event of a cyberattack, data breach, or other technology-related incident. However, paying for more coverage than necessary is a waste of revenue that could be invested elsewhere. Businesses of all sizes need to understand what to look for in cybersecurity liability coverage to accurately assess potential internal and external risks.

What to Look for in Cybersecurity Liability Coverage

There are two primary aspects to consider related to cybersecurity coverage in professional liability insurance or as a standalone policy or policies: first-party coverage and third-party coverage.

First-party coverage compensates the insured for losses suffered under the terms of the policy regardless of who or what caused the loss. This type of coverage includes data loss insurance and the related expenses incurred by a business or its employees as a result of a data breach or incident.

Third-party coverage insures against loss arising from claims lodged by a third party against the insured. Third-party coverage protects businesses from data breach liability and other legal responsibilities related to websites, online services, and more.

Knowing what to look for in cybersecurity liability coverage and what types of coverage your business does or does not need is essential to obtaining the most effective coverage at the best rate.

Data Loss Insurance for Expenses Incurred in a Cybersecurity Incident

First-party losses are direct expenses to your business in the event of a cybersecurity incident or system failure. Insurance policies or policy inclusions for first-party coverage may include losses or expenses arising from the following:

• Loss of income and productivity

• Incident investigation

• Data recovery

• Notification of potentially injured parties

• Credit monitoring

• Public relations and incident management costs

• Ransomware payments

• Regulatory fines or fees

In some policies, some of these items—like notification of parties or regulatory fines—might be considered first-party expenses and, thus, be covered by data breach liability policies or third-party coverage, depending on the language and terms of the policy.

Professional Liability Coverage and Cybersecurity Insurance for
Data Breach Liability

The inclusion of third-party cybersecurity coverage in professional liability insurance and other business insurance policies is becoming less common. Coverage included in traditional policies also might not apply to the various technology-related scenarios encountered by companies today.

When businesses are considering what to look for in cybersecurity liability coverage, the relative risk of the following possibilities should be evaluated:

• Data breach liability and personal privacy violations

• Damages to equipment or systems caused by interactions with the company’s website, electronic systems, or networks

• Media and website liability, including allegations of libel and more

A business investigating its cybersecurity coverage needs and options should carefully review any insurance policies the company is considering to confirm that the policy or policies chosen provide adequate coverage to protect the company and others in the event of a loss.

Choosing Appropriate Professional Liability Coverage and
Cybersecurity Insurance

When it comes to cybersecurity coverage in professional liability insurance, businesses should not make the mistake of assuming an existing policy is adequate. An evaluation of your company’s risks and needs, perhaps with the assistance of a technology professional, is critical to obtaining the appropriate level of protection.

After evaluating risk and need, assess the business’ available policies carefully. Businesses should confirm that potential exclusions will not limit coverage. For example, if a security breach occurs, will your first-party data loss insurance cover the costs of notification, or do you need a specific data breach liability policy to insure against that risk? Under any form of coverage, will voluntary notification be included or only notifications mandated by law? Companies must be careful to avoid loopholes that can prevent coverage when it is needed most.

Professional liability coverage and cybersecurity insurance are an important part of a company’s preventive management. When you need legal counsel on professional liability issues, the experienced attorneys of Shuman McCuskey Slicer PLLC are ready to assist you. Contact us by calling (304) 345-1400 or completing our online contact form.