Does Office Business Insurance Cover a Data Breach?

Data-Breach

Not without separate privacy breach or breach response insurance also referred to as Cyber Liability Insurance.

What does business insurance cover?

The foundation of business insurance is General Liability Coverage. General Liability insurance compensates you for attorneys’ fees, court costs, and settlements or judgments up to your limit of liability. It responds when a third party (any business or person who doesn’t own or work for your business) sues you over the following:

  • Bodily injuries occurring on your business premises

  • Property damage you caused while doing your work

  • Advertising / personal injuries like libel, slander, invasion of privacy (using someone’s image without their permission or public disclosure of private facts) or copyright infringement

Bundled Business Insurance gives you more

When General Liability Insurance is bundled with other coverages (called a Business Owner’s Policy or BOP) it’s cheaper for the policyholder. Though a BOP is a comprehensive and affordable option, it’s not available to all business owners. To qualify for this coverage, you must own a small business (which means your premises are small and you don’t have a lot of employees) and work in a low-risk industry.

A BOP typically includes

  • General Liability Insurance as described above

  • Property Insurance, covers insured business property that is lost or damaged by fire, theft, or windstorms

  • Business Interruptions Insurance, which reimburses you for lost income when a covered property event forces you to temporarily shut down business (usually for no more than 12 months)

Comprehensive General Liability Insurance as an even broader option

Comprehensive General Liability Insurance (CGL) is a broader coverage option than the BOP for larger, more hazardous businesses.

CGL Typically includes

  • Coverage for liability claims related to products coverage (alleging that a product you made or sold is defective, causing an injury to or damaging the property of a third party)
  • Completed operations coverage (covers the liability incurred by a contractor for property damage or injuries that may happen to a third party once contracted operations are finished).  

CGL does not cover 

  • Vehicle liability (owned or leased by the business)
  • Workers comp (for injuries sustained by employees on the job)
  • Crime (covers employee criminal acts such as robbery, burglary and other forms of theft)
  • EPLI (covers employers against claims made by employees alleging discrimination, wrongful termination, harassment and other employment-related issues).

Why is a privacy breach directly related to information stored or used by my business not covered by CGL or BOP insurance?

While a CGL policy today should cover invasion of privacy claims arising out of a data breach, it will not cover loss of data because data is not tangible property. Tangible property actually excludes electronic  data ( information stored, created, used, or transmitted to or from computer software). General Liability Insurance will also not cover:

  • Identity theft resulting from either an intentional or unintentional security breach. Identity theft refers to the fraudulent use of Personal Identifiable information known as PII:  Social Security numbers, credit card numbers, drivers’ license numbers, birthdates, PIN codes, and employee identification numbers are considered PII

  • Trademark or copyright infringement resulting from information posted on your website

  • Inadvertent disclosure of your or a third-party’s sensitive information by email, instant messaging, or other electronic means

  • Damage to your or a client’s computer network due to computer viruses, worms, or malicious code

  • The costs of credit monitoring

  • Theft or destruction digital assets such as intellectual property or customer lists

  • Damage to an organization’s reputation resulting from a cyber security breach

  • Business Interruption for the time your network was down

Commercial Crime Policy to cover some costs of a data breach but not all

Commercial Crime Policy typically covers

  • Money
  • Securities
  • Other property against a variety of criminal acts, such as employee theft, robbery, forgery, extortion and employee computer fraud.

Commerical Crime Policy does not cover

  • The costs customarily associated with a data breach such as forensic identification and confirmation of the breach
  • Consumer notification
  • System repair
  • Loss of income
  • Public relations or crisis management expense.

Cyber Liability Insurance is the only fully comprehensive solution

There are numerous cyber/breach response insurance products on the market that better respond to the risks associated with data breaches. A policy offering  privacy coverage will cover the costs associated with regulatory investigations, fines and penalties and, additionally will commonly offer “remediation coverage” such as:

  • Forensic investigation to confirm the breach, identify the cause and repair the system;

  • Restore or recreate the data, if possible;

  • Establish the period of the business interruption and estimate the time necessary to get the system functioning properly again;

  • The hiring of a public relations firm to assist in the communication of the breach to customers and the public if necessary;

  • Hiring legal counsel to defend claims brought by customers and third parties and to determine an insured’s indemnification rights where a third party is responsible for the data breach.

  • Credit monitoring services

Cyber Liability risks are a real threat today to businesses of all size and from any industry. An independent insurance broker specializing in Privacy Breach or Breach Response Insurance can help you find the right insurance for cyber risk. Request an advisor by filling out our short form.

Comment

Cindy Wiedman

Cindy is a Registered Professional Liability Underwriter (RPLU) and has designed and administered professional liability insurance programs over a 35 year career. She has worked with many affinity groups over that time, and specializes in Lawyers Professional Liability Insurance. She has served members of the Iowa State Bar Association with their liability Insurance needs since 1986, first for Kirke Van Orsdel, then Marsh Affinity and most recently Lockton Affinity.