Cyber Liability Policy vs. Cyber Endorsement - Capstone Brokerage

Many commercial insurance carriers offer the addition of a cyber liability or data breach endorsement to a professional liability or general liability policy. However, there are many exclusions and limitations to these endorsements. As technology improves, the need for cyber coverage increases. Yet, the differences between an endorsement and a full cyber liability policy are largely unknown. Should you have any questions after viewing this article, reach out to an insurance professional to determine which coverage is best for you and your business.

For a small business owner, the cost of a data breach averages $200,000. Yet, there are usually very small limits available for a cyber liability endorsement, most often not exceeding $100,000. Unfortunately, the lack of coverage can leave the businessowner with substantial debt. Insurance carrier Hiscox, reported that 60% of small businesses victimized by cyberattacks go out of business within 6 months.2

Cyber liability endorsements are often obtained at a relatively low cost, making them more attractive to many. They usually do not require any additional underwriting and are normally included within a quote for other lines of coverage. Although the implementation of evolving technology increases vulnerabilities within business operations, most businessowners are unaware of the effect cyber threats truly have on small businesses. CNBC reported that over 43% of cyberattacks are aimed at small businesses. Yet, only an estimated 14% are prepared to defend themselves.1

When considering a cyber liability endorsement over a full cyber liability policy, here are a few common policy differences to consider:

  • Extortion – Cyber criminals demand payment through the threat of compromised data or denial of service. Many cyber endorsements will not cover extortion.
  • Limits and Sub limits – Cyber liability policy limits typically begin at a $1 million.
  • Communications & Media Liability – Coverage for plagiarism and infringement or unauthorized use of a copyright or trademark, is most often not included in a cyber or data endorsement.
  • Unencrypted Data – The term applies to claims arising from a loss associated with unencrypted data, typically involving an unencrypted portable device. Claims usually do not trigger on most endorsements.
  • Social Engineering – Otherwise known as fraud and most commonly practiced by phishing scams, coverage is typically limited to $100,000 with an actual loss average of $150,000.

1 https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html

2 https://www.hiscox.com/documents/2018-Hiscox-Small-Business-Cyber-Risk-Report.pdf