Cyber Liability Insurance: What Is It and How Do I Keep It?

Cyber Liability Insurance

Cyber liability insurance policies are contracts of insurance between the cyber liability insurance carrier and the entity purchasing the insurance. Companies can purchase this insurance, which provides coverage for data breaches, digital security issues, cybercrime, hacking, and/or other incidents, depending on the policy language. 

The type and amount of coverage provided can depend upon whether an applicant for the insurance has a HIPAA compliance program in place.

Insurance, in general, is heavily regulated at the state and federal levels. For example, the underwriting for traditional insurance, such as health insurance, has a fairly standard format. Existing law dictates what restrictions insurers may and may not impose on coverage. For example, the Patient Protection and Affordable Care Act (ACA), applicable to most group health plans, requires that such plans offer specific benefits and restricts insurance practices such as using pre-existing conditions to deny coverage.

Cyber liability insurance has no such standard format. While several insurers with name recognition in other sectors, including ACE Group, Chubb, Beazley, CNA, Travelers, and Liberty Mutual, offer cyber liability insurance (CLI), what a potential policyholder must do to be eligible for the insurance, and in what amount, varies among insurers.

Before issuing a policy, underwriters will seek documentation of a potential insured’s security posture. The carrier typically seeks this information as part of a questionnaire. If a potential insured can document that it has a robust security program in place, the carrier is more likely to offer the insured a policy than would be the case if the documentation revealed a weak security posture.

So, what do cyber liability insurance questionnaires ask for? They ask whether a business is compliant with specific data privacy frameworks, regulations, and laws, including HIPAA.

The International Association of Privacy Professionals (IAPP) recently posted the cyber liability insurance applications of three prominent insurers: ACE, Philadelphia Insurance Companies (PHLY), and United States Liability Insurance Co., Inc. (USLI).

Part 3 of ACE’s application asks:

“Is your company compliant with any of the following regulatory or compliance frameworks (please check all that apply and indicate most recent date of compliance):

☐ ISO17999 as of (date)

☐ SOX as of (date)

☐ PCI-DSS as of (date)

☐ HITECH as of (date)

☐ HIPAA as of (date)

☐ GLBA as of (date)

☐ SSAE-16 as of (date)

☐ FISMA as of (date)

☐ Other. ______”

Part 5 asks, “Do your third-party technology service providers meet required regulatory requirements that are required by your company (e.g., PCI-DSS, HIPAA, SOX, etc.)?

☐ Yes

☐ No.”