Recovering From a Cyber Attack Can Be Costly.
Cyber insurance is one option that can help protect your business against losses resulting from a cyber attack. If you’re thinking about cyber insurance, discuss with your insurance agent what policy would best fit your company’s needs, including whether you should go with first-party coverage, third-party coverage, or both. Here are some general tips to consider.
What Should Your Cyber Insurance Policy Cover?
Make sure your policy includes coverage for:
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Data breaches (like incidents involving theft of personal information)
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Cyber attacks on your data held by vendors and other third parties
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Cyber attacks (like breaches of your network)
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Cyber attacks that occur anywhere in the world (not only in the United States)
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Terrorist acts
Also, consider whether your cyber insurance provider will:
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Defend you in a lawsuit or regulatory investigation (look for “duty to defend” wording)
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Provide coverage in excess of any other applicable insurance you have
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Offer a breach hotline that’s available every day of the year at all times
What is First-Party Coverage and What Should You Look For?
First-party cyber coverage protects your data, including employee and customer information. This coverage typically includes your business’s costs related to:
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Legal counsel to determine your notification and regulatory obligations
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Recovery and replacement of lost or stolen data
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Customer notification and call center services
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Lost income due to business interruption
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Crisis management and public relations
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Cyber extortion and fraud
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Forensic services to investigate the breach
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Fees, fines, and penalties related to the cyber incident
What is Third-Party Coverage and What Should You Look For?
Third-party cyber coverage generally protects you from liability if a third party brings claims against you. This coverage typically includes:
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Payments to consumers affected by the breach
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Claims and settlement expenses relating to disputes or lawsuits
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Losses related to defamation and copyright or trademark infringement
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Costs for litigation and responding to regulatory inquiries
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Other settlements, damages, and judgments
![](/sites/all/themes/ftc/images-cybersecurity-pages/bulletpoint1.png)
Accounting costs
More insurance resources for small businesses available at www.insureuonline.org/smallbusiness
The FTC thanks the National Association of Insurance Commissioners (NAIC) for its role in developing this content.