Cyber Liability Insurance: Protection from Invisible Threats

Why should your company have a Cyber Liability policy? After all, the construction industry has traditionally dealt in brick and mortar not data. That’s changing with advancements in technology and hackers are taking note. It’s no surprise that half of construction executives believe their company will be the victim of a cyberattack at some point. Still, almost 7 out of 10 contractors haven’t even done a risk assessment. (Travelers, 2019)

Regardless of your technology, if your company uses email and does business online, you are vulnerable to cyberattacks that can lead to business interruption losses and theft. Even if your company engages with a cybersecurity firm, you are still only as protected as your least-cyber secure third-party vendor.

A recent Forrester survey revealed that 75% of respondents in the construction, engineering, and infrastructure space have experienced a cyber incident in the last 12 months. Yet only one in three companies carries Cyber Liability coverage. Given that one data breach could put your company out of business, the risks of not carrying it far outweigh the costs.

What Does Cyber Liability Insurance Protect?

  • Data breaches
  • Intellectual property rights
  • Damages to a third-party system
  • System failure
  • Cyber extortion or ransomware
  • Communication hacking
  • Business interruption

When might claims arise?

Claims result when data is stolen, compromised, or when a payment is coerced due to phishing or ransomware.

What is typically excluded?

The cyber insurance marketplace offers a wide variety of policies and there is no universal language because Cyber Liability policies are relatively new. That said, some standard exclusions do exist, including:

  • Bodily injury
  • Property damage
  • Vicarious liability
  • Previous acts
  • Terrorism
  • Loss of electronic device

Some of these exclusions may be able to be negotiated back into the coverage.

The insured may also be required to adhere to some security standards for coverage to be triggered.

What if work is subcontracted?

Subcontractors may be granted access to your company’s sensitive information to perform their work and should be required to have Cyber Liability coverage.

How does a policy work and how long should you carry coverage?

Contractors should carry coverage for as long as they are in business. There are two types of policies – one that will reimburse you for losses and one that will pay you upfront for losses incurred.

How to determine the right amount of coverage?

The level of coverage your business needs is based on your individual operations and your range of exposure. Pricing is determined by the strength of your IT department & system security, as well as past loss history. Note that your umbrella policy does not sit over Cyber Liability.

What is the typical length of a policy?

This policy is placed on an annual basis and will need to be renewed 12 months after the initial purchase. It engages on a per occurrence basis in a way similar to your CGL coverage.

What happens if your business situation changes?

The more technology in your business—multiple servers, websites, social media, digital phone systems—the greater the risk. Your broker should review your exposure each year prior to your policy’s renewal.