Modern professionals today rely on a vast network of computers, servers, and/or cloud-based systems as the primary means of storing client information and conducting their businesses. While most are aware of cyber threats posing substantial risks to their businesses - and have even taken defensive measures - cyber insurance is often an afterthought. According to a 2022 report by IBM and the Ponemon Institute, the average global cost of a data breach is $4.35 million. Thus, businesses should think about and understand cyber-liability coverage, and how such coverage overlaps with other insurance policies (like professional-liability policies). Doing so will ensure protection in the event of a cyberattack.
While your professional-liability policy may contain, or have the option to add, some form of basic cyber-liability coverage, you should carefully consider whether a standalone cyber liability policy is right for you.
The first consideration is the type of cyber-liability coverage your policy provides. Generally speaking, professionals can purchase two types of cyber-insurance coverage: first-party and third-party liability. First-party cyber liability insurance provides coverage for the fiscal impact of a cyberattack on a business’ network or system, such as the fees associated with restoring data, income loss due to downtime, crisis management, or forensic investigations. In contrast, third-party cyber liability insurance protects professionals from liability claims against them in the event of a breach. If your professional liability policy lacks either first- or third-party cyber liability, you may be at risk in the event of a cyberattack.
Additionally, professionals should consider their coverage amounts and whether they are adequately insured. Solely relying on your professional-liability policy to cover a cyber breach puts you at risk of exhausting the available coverage. For example, if you exhaust your policy limits paying for remediation following a cyberattack, you could be exposed to significant liability on a future malpractice claim. Having a separate cyber-liability policy can complement to your existing coverage(s).
Because the potential costs of a cyber breach could be catastrophic for any business, modern professionals need to review their cyber-liability coverage and assess their risk tolerance. Insurance coverage is an individualized decision. But obtaining a separate cyber-liability policy could mitigate the potential exposure of a breach and save professional-liability policy limits for more traditional risks.