Products & Services

What is Cyber Liability Insurance?

Cyber Liability Insurance is also known as security and privacy or breach insurance.  Cyber Liability Insurance covers first and third party losses as a result of the security failure of a company.

Doesn’t General Liability or an Umbrella policy cover these types of losses?

No.  Cyber liability issues are not in the scope of a General Liability or an Umbrella policy.  In the payments industry, the rule of thumb is that General Liability covers generally nothing.

 

Doesn’t being PCI compliant address this issue?

No.  Being PCI compliant only refers to the data security of payment cards.  Cyber liability includes this, but is much broader in scope and covers any type of data compromise and the ramifications that could cause your company or others a loss.

Some losses include: damages, defense, fines, lost revenue, assessments, audit, and cyber extortion.

 

What types of companies need this type of insurance?

Any company that has sensitive or proprietary information about their clients, vendors, or anyone that could cause damage if it fell into the wrong hands.

Some examples are:

  • An ISO that has sensitive financial and personal information for its merchants.
  • A CRM that maintains sensitive and proprietary information for the merchants of ISOs it services.
  • A payment processor or other vendor that has information about its ISOs and other business partners.
  • An acquiring bank that has information about the various ISOs it sponsors and other vendors.

 

Claim Scenarios

An ISO is breached and all of the information of its merchants is compromised.  Hackers use the information to request fraudulent wires from the merchants’ financial institutions.  The ISO is sued by the merchants and financial institutions and are held liable for damages in addition to incurring defense costs.

A CRM is breached and all of the information of the ISOs and merchants it services is compromised.  Hackers use the information to set up clone sites to steal from merchants’ customers.  The CRM is sued by the ISOs and their merchants for damages in addition to incurring defense costs.

An ISO is breached and hackers use merchants’ information to request a fraudulent MCA.  The ISO is sued by the merchants and MCA company for damages in addition to incurring defense costs.

A SaaS company was hacked and fell victim of a DDoS attack followed by a cyber extortion attempt.  Had the company had a cyber liability policy, the extortion attempt could have been handled and paid.  The hackers ultimately deleted all client and back-up data which bankrupted the company within 24 hours.