Typically covering legal, technology and customer-notification costs, cyber liability policies are crucial for any modern day organization.
However, these standard policies do no cover organizations for losses in income. To mitigate these financial losses, insurance carriers have introduced ‘reputational harm insurance’, which covers financial losses suffered as a result of data breaches or other incidents of cybercrime. Reputational harm policies are available as either a supplement to a cyber policy or in standalone policies, and insurance companies who underwrite these products consider the impact of a data breach to be a ‘covered peril’.
A claimant on a reputational harm policy would need to provide evidence of the reputational damage, such as adverse newspaper and television reports. The organization must also be able to provide documentation that proves financial loss over a period of time. “Most reputational harm policies have aggregate annual limits, so that policyholder with $1 million in coverage could file a claim for, say, $250,000 for one breach and still have $750,000 to cover future breaches,” explains Jeremy Barnett, Senior Vice President of Marketing at
NAS Insurance Services.
While the financial impact of a data breach can have serious consequences, often the greater issue for organizations is the impact that breaches have on management time. Responding to a cyberattack requires a lot of time and energy to be spent by executive staff, which can have a serious knock on effect on the business’s bottom line. “Reputational harm insurance not only helps cover the cost of a breach, but also provides funds to cover the temporary loss of income while an organization recovers,” Barnett says. “Such policies can be a lifeboat for middle market businesses needing to get through a difficult time.”