Network Security and Privacy Liability

Storing electronic data allows an organization to keep a detailed record of its interactions with customers and employees. This enables businesses to provide important value-added services that build long term customer relationships.

All data, even if securely stored, runs the risk of being compromised. A compromise, or “breach,” occurs when an unauthorized third party gets access to confidential information or systems. When breaches occur, businesses stand to lose significant amounts of money as they seek to address, remediate, and ultimately prevent the issue from happening again.

We hear about these breaches all the time - hospitals, schools, companies, and even the government occasionally get breached. When this happens, thousands or even millions of people may be affected.

To cover the risk of storing electronic data, insurance carriers introduced Network Security and Privacy Liability coverage. Even if business owners consider it a remote possibility, they should seriously consider purchasing policies with this coverage.

What is Network Security and Privacy Liability Coverage?

Network Security and Privacy Liability coverage protects businesses against losses when breaches occur and confidential information gets leaked. Coverage is typically extended to cover the cost to the affected parties for the breach, and the insured business if it needs to defend a claim.

At a more granular level, network security and privacy liability coverage includes the following:

  • Identity recovery services for affected parties
  • The cost of litigating any claims
  • Damages awarded in prospective legal proceedings

How Remote Work Impacts Cybersecurity Risk

The risk of a data breach grows significantly when employees move out of the office and into work-from-home/hybrid arrangements. At home, employees lack robust security tools typically reserved for corporate IT teams. They work on unsecured networks, and may slip into mixing work and play on a single device.

All of these hazards open additional vulnerabilities that could lead to a leak. If an insured has gone fully remote or implemented a hybrid model, then having Network Security and Privacy Liability as a coverage in their cyber policy is even more important.

What Situations are Not Covered by Network Security and Privacy Liability?

As with all coverages, it is just as important to appreciate what is not included.

Network Security and Privacy Liability coverage typically does not apply to:

  • Potential future lost profits
  • Intellectual property theft
  • Purchasing additional cybersecurity software/systems
  • Training programs for staff

Who is at Risk of a Network Security or Privacy Breach?

Cyberattacks and data breaches are becoming more frequent, and small businesses are often the target of these attacks. Hackers consider small businesses attractive given they often lack cybersecurity controls, making them easy to breach at scale.

These attacks can get expensive. In fact, 60% of small businesses go under within six months of a cyberattack. As such, small businesses should consider this kind of coverage as a core part of their cybersecurity and insurance strategy.

Cyber attacks are certainly not limited to small businesses. Even large businesses core to the US economy can be hit hard. For example, T Mobile and Target suffered massive breaches affecting millions of customers.

Example Claims Scenarios

Breached retailer: Hackers uncovered a list of customer email addresses for an online retailer, and were able to break into many of the customer accounts because they used easy-to-guess passwords. After breaking into those user accounts, hackers proceeded to steal their credit card information from the billing page of their profile. A few days later, the hackers leaked the list of passwords and credit card numbers online, available for the world to see. Dozens of customers filed a lawsuit against the retailer, claiming a failure to protect their data.

Luckily the retailer had a cyber policy with Network Security and Privacy Liability in place - as soon as the list was leaked, the carrier got to work helping them recover from the incident. When the lawsuits were initiated, the carrier triggered coverage and covered the defense, as well as the damages awarded to the customers.

Breached hospital network: A hospital network was breached after hackers discovered a vulnerability in its outdated technical infrastructure. Hackers proceeded to export thousands of patient files and threatened to leak the patients’ medical histories if they didn’t receive a large extortion payment. When the hospital refused to pay the ransom, the data was leaked leading to a massive liability.

Luckily the hospital network had a cyber policy with Network Security and Privacy Liability in place. While the incident was taking place, the carrier provided the hospital with an experienced negotiator to try to bring down the price. When that fell through, the carrier stepped in to cover the cost of both legal defense and damages that ultimately had to be paid after litigation.

Data Breaches in the News

T-mobile leaks 53 million client’s personal information after breach

Nearly 69,000 affected in San Juan Regional data breach; man files lawsuit against hospital

California Pizza Kitchen Serves Up Employee SSNs in Data Breach

Have any questions? Email us at Otherwise, if you’re ready get some quotes click here to get started.