Last week, we published an article about cyber insurance for your healthcare app business. This week, we give you a basic rundown of Cyber Insurance for Developers.
To better manage risk, app developers must understand their options. Cyber insurance is one risk management option developers should become familiar with, since hospitals frequently require cyber insurance before they will consider adopting a new healthcare app. Here are the basics of cyber insurance for developers.
Insurers offer both first- and third-party insurance for cyber losses:
- First-party coverage insures for losses to the policyholder’s own data or lost income, or for other harm to the policyholder’s business resulting from a data breach or cyber-attack.
- Third-party coverage insures for the liability of the policyholder to third parties, including clients and governmental entities, arising from a data breach or cyber-attack.
Some common first-party costs when a data breach or security failure occurs include:
- Forensic investigation of a breach.
- Legal advice to determine notification and regulatory obligations.
- Breach notification: costs of communicating the breach to affected constituents.
- Offering credit monitoring to affected parties.
- Public relations expenses.
- Loss of profits and extra expense during the time that your network and systems are down. This is also known as “business interruption” coverage.
Available first-party coverages include:
- Theft and fraud: Covers destruction or loss of the policyholder’s data as the result of a criminal or fraudulent cyber event, including theft and transfer of funds.
- Forensic investigation: Covers the legal, technical or forensic services necessary to assess whether a cyber-attack has occurred, to assess the impact of the attack and to stop an attack.
- Business interruption: Covers lost income and related costs where a policyholder is unable to conduct business due to a cyber event or data loss.
- Extortion: Provides coverage for the costs associated with the investigation of threats to commit cyber-attacks against the policyholder’s systems and for payments to extortionists who threaten to obtain and disclose sensitive information. Ransomware is an example of this threat.
- Computer data loss and restoration: Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software or other information destroyed or damaged as the result of a cyber-attack.
Common third-party costs include:
- Legal defense.
- Settlements, damages and judgments related to a breach.
- Liability to banks for re-issuing credit cards, if applicable.
- Cost of responding to regulatory inquiries (e.g., OCR, FDA, FTC).
- Regulatory fines and penalties (e.g., OCR, State Attorneys General, FDA, FTC).
Available third-party coverages include:
- Litigation and regulatory: Covers the costs associated with civil lawsuits, judgments, settlements or penalties resulting from a cyber event.
- Regulatory response: Covers the legal, technical or forensic services necessary to assist the policyholder in responding to governmental inquiries relating to a cyber-attack, and provides coverage for fines, penalties, investigations or other regulatory actions.
- Notification costs: Covers the costs to notify customers, employees or other victims affected by a cyber event, including notices required by law.
- Crisis management: Covers crisis management and public relations expenses incurred to educate customers concerning a cyber event and the policyholder’s response, including the cost of advertising for this purpose.
- Credit monitoring: Covers the costs of credit monitoring, fraud monitoring or other related services to customers or employees affected by a cyber event.
- Media liability: Provides coverage for media liability, including coverage for copyright, trademark or service mark infringement resulting from online publication by the insured.
- Privacy liability: Provides coverage for liability to employees or customers for a breach of privacy.
Developers’ cyber insurance requirements can vary widely, depending on factors such as the types and amounts of data processed, vulnerabilities, and the types of security measures in place. Expect cyber insurers to test your security, and above all, get qualified legal advice before choosing cyber insurance policies.