Cyber Liability – What It Is and Why You Need It

As online commerce grows, many industries have harnessed modern technology to enhance their operations and seized the opportunity to broaden their audience by establishing an online presence. The issue is that cyberattacks on companies have become more common and more crippling, especially for businesses that can’t afford to fix the problem.

For example, a credit union’s computer network was compromised when a hacking group emailed a malware program to several employees. The malicious software enables the cybercriminals to access confidential data stored on the credit union’s network and capture banking information for 20,000 customers and account holders. The total cost of customer notification, credit monitoring, digital forensics, and legal consultation was $357,000.

Without the right coverage, it’s hard for any company to stay afloat after an attack like that. Unfortunately, general insurance policies don’t cover cyber liabilities. If your clients have an online website where they collect customers’ sensitive data or an online network that stores financial information, they need a surplus line for cyber liability coverage. 

What Is Cyber Liability Insurance?

Cybersecurity policies protect businesses from financial losses caused by cyber incidents. These policies are especially crucial for small businesses because the average cost of a cyberattack is around $25,600 for enterprises with fewer than 250 employees. Out of pocket, this sum can be enough to close down a small business for good.

Cyber liability specifically insures businesses that are held responsible for the loss of data during a cyberattack. In the event of a data breach, a third party may sue the company on behalf of its customers. This policy helps businesses recover from an already devastating attack by paying attorney and court fees, settlements and court judgments, and regulatory fines for noncompliance.

For instance, a phishing email sent to a hospital’s billing department led to an unauthorized change in a physician’s bank account information and a direct deposit into the perpetrator’s account. Cyber liability insurance covered the hospital’s direct net loss of $95,000 resulting from the hospital’s inability to collect payment for services rendered.

With a surplus line insurance policy for cyber liability, you can help your clients mitigate cyberattacks such as:

  • Cyber extortion and ransomware 
  • Social engineering 
  • Phishing attacks
  • Invoice manipulation
  • PCI DSS Assessment expenses
  • Network security breach
  • Stolen laptops
  • Computer errors
  • Breach management response
  • Digital forensics and legal expenses


With the right coverage, companies will avoid being crippled by a malicious attack so they can continue with business as usual. It’s ridiculously unfair for people to take advantage of businesses like this, but having the right insurance in place can limit the damage.

How Do I Know If My Business/My Client Needs Cyber Liability?

Convincing yourself or your client that they need cyber liability coverage can be difficult, especially because it’s easy to fall into the trap of “well, that could never happen to me.” But the harsh truth is that cyberattacks on businesses rose by 50% in 2021, averaging to about 900 attacks on businesses per week.

We recommend cyber liability to all businesses who use online technology but consider the coverage absolutely necessary for:

  • Companies that store important data online or on a hard drive: if a brand collects and keeps their customers’ personal information like phone numbers, credit card numbers, or social security numbers, then a breach would have severe consequences. 
  • Brands with a large customer base: the more customers a company has, the more information a cybercriminal will have to steal. Businesses are legally required to tell their customers about data leaks, which can be costly for companies with many customers to reach out to.
  • Businesses with high revenue and valuable assets: if a company works in industries such as healthcare or finance, they’re likely handling extremely sensitive information that would demand a higher ransom price from cybercriminals. 

If you’re still on the fence, you can always get in touch with us at Craig and Leicht to discuss if a cyber liability surplus line is right for you.

Combating Cybercrime

Even if you choose to forgo cyber liability, you must do everything you can to protect your business’s sensitive information against potential attackers. Use firewalls and encrypt data to protect your networks and databases, and educate your employees on keeping their accounts safe and distinguishing between fake and real emails. 

A partner at a law firm had her laptop stolen from her car. Since the computer was unencrypted, hackers could access over 10,000 customer records with sensitive data, including social security numbers, medical records, and billing information. Every affected individual had to be notified and was offered two years of identity monitoring expenses. In total, it cost the law firm $105,000.

However, keep in mind that you can do everything right and still become the victim of a cyberattack. The best way to protect your brand or client from the financial repercussions of cybercrime is to get cyber liability coverage. Contact our associates at Craig and Leicht today, and we’ll get you a quote for a cyber liability surplus line in hours.


XPT: Craig & Leicht is now part of XPT Specialty, your eXpert Partner Team

Tap into niche market insights and expertise with more markets and products.