Will a Cyber & Data Endorsement Protect My Business?

A cyber & data endorsement is just as good as separate cyber liability policy, right? Not exactly.

Many commercial insurance carriers offer an endorsement to cover some cyber liability and data breach exposures. However, businesses should be aware of the differences between a cyber & data endorsement verses a full on “true” cyber liability policy.

Cyber & data endorsements are attractive to some small business owners because they are relatively cost efficient, and can be added to their existing policy without additional underwriting. These endorsements are also popular for businesses that may not have many digital records, data stored, and do not heavily rely on computers in their operations, but still want some sort of coverage.  However, as technology continues to advance, so does the embracing and implementation of it within businesses.  This increases the vulnerabilities a business has to cyber threats.  According to Travelers Insurance, 43% of small businesses are targeted in cyber-attacks.  Hacker groups often times prefer to attack small businesses because there are usually no designated IT teams to make sure the firewalls are robust and updated, making them a soft and easy target.  

Every cyber & data endorsement varies depending on the carrier.  Still, some common coverages fall short compared to a “true” cyber liability policy.  The following are some differences you may see and want to consider:

• Extortion – including any threat, blackmail, or ransom payment is frequently excluded in cyber & data endorsements. Example: A hacker breaches the network of a business and holds their data hostage unless a ransom is paid. Many cyber & data endorsements will not cover the costs from this.
• Sublimits – are often scheduled. Endorsements typically have a starting point of $50,000 aggregate limit for the primary coverage, but they sublimit other necessities such as Forensic IT Review, Legal and Public Relation Services, PCI Fines, Business Income, and other costly expenses associated with a breach.  A common sublimit is $5,000, and this could evaporate very quickly in the event of a claim.
• Communications & Media Liability – is often not included in a cyber & data endorsement. This is coverage for plagiarism, unauthorized use, and infringement of a copyright or trademark.  This also includes defamation and slander related to reputation or character of an organization.
• Unencrypted Data – a claim involving unencrypted data that was transmitted electronically is typically excluded. While it is generally best business practices to encrypt data at all times, coverage will not be triggered on most endorsements due to a compromise of unencrypted information.
• Social Engineering – is usually a coverage not included in a cyber & data endorsement. Social Engineering is the act of manipulating people to make actions or reveal confidential information.  This coverage can also be added to a crime policy.

It is safe to say that a cyber & data endorsement is not the same as a “true” cyber liability policy.  Again, each carrier has a different form; review the options with your insurance expert to learn about the coverage differences.

Consider these facts:

• The average cost for a small business to recover after a cyber attack is $690,000 (The Ponemon Institute).
• Sixty percent of small companies are unable to sustain their businesses over six months after a cyber breach (The U.S National Cyber Security Alliance).

This data indicates that if your business has a serious cyber breach the $50,000 endorsement limit (with lower sublimits) will likely be substantially inadequate.  A “true” cyber liability policy is a more comprehensive approach with broader coverage and offers limits starting at $1,000,000. 

A cyber & data endorsement might satisfy your needs as a small business owner and can be considered as an introductory or starting point in this line of coverage.   While its coverage does not compare to a “true” cyber liability policy, businesses can have some minimal level of protection. 

With cyber threats looming and on the rise, contact your property & casualty consultant to find out what policy is the best fit for you and your business.