In today’s increasingly online world, almost all businesses are in danger of becoming victims of cybercrime. In fact, if your organisation has a website, email address, social media presence, POS systems or an e-commerce store, you could be at risk of a cyber-attack.
A cyber insurance policy is essential for your operation, enabling you to return to normal day-to-day business after an attack and helping you to deal with fines, claims against your business and legal costs.
Since the mid-2000s, insurance companies have provided two forms of cyber insurance developed to help businesses recover from cyber attacks: first-party and third-party cyber insurance.
This guide covers the difference between the two types of cyber cover and explains what form of cyber insurance most applies to your business.
What is first-party cyber insurance?
First-party cyber insurance covers only the insured’s costs, not those of any affected third parties or stakeholders. This kind of cyber insurance can help your business pay for:
- Interruption to your business, covering any loss of income caused by a cyber attack.
- Extortion fees, including paying a ransom to the cybercriminals to restore your systems and data.
- The cost of informing your vendors, customers and stakeholders affected by the cyber attack.
- The cost of forensic investigation, including hiring experts to work out the cause of the attack and its extent.
- The expense of hiring a PR team to manage damage to your business’s reputation following a cyber attack.
- The cost of credit monitoring and other protection services for affected stakeholders.
- The cost of restoring any lost or damaged company or client data.
What is third-party cyber insurance?
Third-party cyber insurance covers the cost of any claims made against your business by third parties who lost out financially or otherwise because of cybercriminal activity against your business.
Those third parties include customers, vendors, regulatory bodies, suppliers and other business stakeholders.
Third-party cyber insurance usually covers the following:
- Legal fees, including court costs and solicitor’s fees if third parties sue your business for the cyber attack.
- Penalties and fines resulting from noncompliance with government and industry standards.
- Legal expenses arising from intellectual property theft or infringement.
- Court judgments and settlement fees.
Coverage varies between providers, so always double-check that your policy covers everything you need.
What are first-party risk and third-party risk?
There are several crucial differences between first-party and third-party risk.
First-party risk
First-party risks are defined as cyber attacks that could directly damage and disrupt your business operations. Examples of first-party risks include the following:
- Hacker activity that accesses your personal devices
- Malware attacks on your servers
- Phishing scams targeting your employees
- Denial-of-service attacks
- Software or hardware malfunctions
Third-party risks
Third-party cover protects you against the cost of legally defending yourself against claims from third parties who allege, for example, that you are liable for a data breach. This can include investigations launched by a regulator or the government.
Examples of cover under this section of a cyber policy include:
- Cyber Liability – Damages or defence costs following a data breach
- Network Security Liability – Failure to protect personally identifiable information
- Media Liability – Allegations of defamation, invasion of right to privacy or infringement of intellectual property rights (excluding patents)
- Payment Card Industry Liability – Fines, penalties or assessments you are liable for following a payment card breach
What is the difference between first-party and third-party cyber insurance?
First-party cyber insurance covers any damages and losses directly suffered by the policyholder following a cyber attack, whereas third-party cyber insurance covers any damages and losses suffered by third parties, including vendors and customers.
Which cyber insurance cover does my business need?
The type of cyber insurance coverage your business needs depends on your risk profile and specific requirements, as described above.
To decide on the type of coverage most suitable for your organisation, consider:
- The nature of your business;
- Your specific risks;
- The kind of data you typically handle.
In addition, your legal obligations, industry sector and regulatory requirements could influence your final decision. Many businesses choose a combination of first-party and third-party cyber insurance coverage to cover all bases effectively.
Talking to a qualified, experienced insurance professional, such as our team of experts here at Stanmore Insurance, is strongly recommended. Our advisors can help you choose the best scope of coverage for your unique circumstances.
First and Third Party Cyber Insurance with Stanmore
First-party and third-party cyber insurance might be essential to protect your business from considerable expenses and reputational damage incurred following a cyber attack.
Don’t wait until it’s too late and cybercriminals have attacked your network or that of your third-party associates! To ensure you get the most suitable coverage for your business, talk to one of our experienced insurance advisors for advice today.