Distinguishing Between First-Party and Third-Party Cyber Liability Insurance: A Guide
Dan Levenson August 29, 2018
Many companies are increasingly outsourcing IT services to external providers. In doing so, they’re sharing sensitive customer or employee information with third parties. This arrangement poses internal and external cyber risks. So, both a company and its managed IT services provider bear a degree of cyber liability in the event of personal data theft, loss, or inadvertent disclosure.
There are two types of cyber risk insurance options: first-party policy and third-party policy. If your company processes any personally identifiable information (PII), such as social security numbers, you need to protect yourself with the right cyber liability insurance. Companies that require such protection include managed IT services providers, staffing agencies, and independent IT consultants.
To help clarify the difference between the two cyber insurance options, consider a slip and fall claim, where a tenant sustains physical injury after falling on stairs that require a handrail:
- First-party liability protection would cover compensation costs if the tenant successfully sued the building owner for negligence or not maintaining the defective stairs.
- If a contractor violated a building code in failing to install the right type of stairs (with safety handrails), they could benefit from third-party liability protection in the event the building owner countersued.
Here’s a look at the difference between first-party and third-party insurance policies:
First-Party Cyber Liability Insurance
First-party cyber insurance is ideal for non-IT companies storing or handling employee or customer information. These firms bear direct legal responsibility for the safety of the sensitive data they’re managing. A non-IT provider may face inadvertent disclosure or similar claims if criminals breached their cyberinfrastructure and stole customer or staff data. In that case, first-party data breach insurance would cover any settlement determined in or out of court.
Consider this scenario: You’re a consultant, and a cyber attacker has accessed one of your servers holding client and employee details, including names, birthdates, bank account info, and social security numbers. The criminal has locked you out of your IT system, and they’re demanding a generous ransom before they will let you back in. That’s a typical ransomware attack! Happily, you have first-party cyber liability insurance, and you can file a claim for the following outcomes of the data breach:
- You had to pay the extortionist to release your IT infrastructure
- You suffered financial loss due to business interruption
- You alerted your clients or customers of the data breach
- You incurred costs in conducting forensic investigations into the cyber incident
Third-Party Cyber Liability Insurance
Third-party liability insurance covers IT firms, independent IT contractors, or individuals providing outsourced IT services. From a legal perspective, these professionals are liable for any data breach they could have reasonably prevented. They’re directly in charge of developing and securing computing infrastructure and data stores on behalf of their clients.
Your tech service can benefit from third-party cyber risk insurance if a client (or business partner) holds you legally liable for:
- Breach of confidentiality: Criminals accessed or exposed confidential information belonging to your client, their customers, or employees.
- Malware attack: You failed to implement adequate cybersecurity measures to protect your client’s information system from malware, spyware or computer viruses.
- Defamation: Your client’s reputation suffers malicious damage via an online platform you’re managing for them.
Bottom Line: Cyber Liability Insurance is Your IT Firm’s Safety Net
As an IT provider, the sensitive personal information you receive, process, maintain, or transmit is a lucrative target for cybercriminals. It’s not uncommon for data breach victims, such as IT services consumers, their customers, or their staff, to include their providers in compensation lawsuits. Cyber liability insurance protects you against potential costs associated with data breach claims against your company.
Whether you’re involved in a short-term or long-term IT project, Insure Your Company can help you select the right and secure cyber risk insurance. Get in touch with us for a comprehensive evaluation of your IT business insurance needs!