How cyber insurance can help protect your business from social media’s risks
Contributors
Deborah Hirschorn Managing Director, U.S. Cyber & Technology Claims Leader dhirschorn@lockton.com
Chuck Jainchill U.S. Cyber & Technology Product Leader cjainchill@lockton.com
For many brands, social media has become an indispensable marketing and communications tool.
From X — formerly known as Twitter — and Facebook to Instagram and TikTok to LinkedIn and more, social media has offered a new way to reach the masses. It has also enabled two-way communication between businesses and their actual and prospective customers and the development of communities in ways earlier advertising and media technologies could never do.
In choosing to go all-in on social media, however, businesses must also contend with its myriad risks. These include the potential that businesses or their representatives — including social media influencers — might defame others, infringe on intellectual property rights, or engage in false advertising. Social media has also proven to be a valuable means for cybercriminals and other bad actors to gather information about potential social engineering victims and distribute malware, including ransomware.
Businesses may find some measure of protection from claims for defamation, invasion of privacy, and related risks under Coverage B of a standard general liability (GL) insurance policy. But additional coverage for these risks — as well as those related to malicious actors — can also be found in cyber and media liability insurance.
Coverage for technology-related risks
Most cyber insurance policies bound in the United States include media content liability insurance. As a result, coverage similar to that provided for personal and advertising injury under a GL policy is frequently found under the media content liability insuring agreement of a cyber form.
For more on social media risks covered under general liability, read Lockton’s recently published thought leadership piece: Post, like, share...lawsuit?
Cyber and media liability insurance policies can also respond to several types of events not covered under GL, including:
- Security incidents, such as malware infections or ransomware attacks. Hackers and others often attach malicious code to images and other content shared on social media or trick users into clicking on harmful links. Ransomware and other malware can shut down a company’s computer systems and disrupt normal operations, potentially costing businesses millions in lost revenue and reputational harm.
- Privacy breaches. Cybercriminals can obtain valuable data from organizations, including personally identifiable information about employees or customers, through social engineering schemes or phishing attacks carried out using social media. Under federal and state privacy laws, businesses can face significant litigation and regulatory risks from such breaches.
- Intellectual property infringement. Social media is awash with copyright-protected content — including music, photography, television and film clips, and artwork — often shared by businesses and individuals without the owners’ permission. Businesses can be held liable for such violations by employees and social media “influencers” acting on their behalf. They may also be responsible for content improperly shared by visitors to social media forums they moderate.
Appropriately structured cyber and media liability policies can help defend and reimburse insureds for many of the potential costs associated with such events. These include legal defense costs, regulatory expenses (including fines and penalties), lost income from network outages, and extra expenses incurred to mitigate risks, such as forensics services and notification of consumers affected by privacy breaches.
Optimizing coverage
Cyber and media liability policies can overlap with GL policies for certain risks, including those related to defamation and privacy-related torts. However, in most cases, businesses can benefit from purchasing both forms of coverage rather than choosing one or the other. Given the complex nature of these types of claims and the potential for overlaps in cover, insurance buyers should discuss taking a coordinated approach with their insurance brokers.
Typically, GL and cyber and media insurance purchases are made independently, with little coordination. They are also often placed with different insurers, this means that buyers could be exposed to gaps in coverage or subject to disputes between insurers. The most common cause of disputes is a lack of clarity among various policies about which is primary. Varying definitions within policies can also create challenges for policyholders.
One way to ensure these policies respond as intended and when needed is to consider purchasing them from the same carrier. One carrier underwriting both policies means there will be no dispute between carriers over which one should pay a claim or how retentions are eroded.
Insurance buyers should also work with experienced insurance brokers to run through potential exposures, analyze claims scenarios, coordinate cover, and optimize policy language. One particular area of attention should be “other insurance” clauses, which dictate how a loss should be apportioned when more than one policy — and, potentially, more than one insurer — provides coverage for that loss.
At the same time, buyers should also work with their brokers to avoid overly broad exclusions or narrow definitions. Some cyber and media liability insurers, for example, may seek to exclude coverage for all social media risks or for specific risks, such as postings by third parties. As social media continues to evolve, it is critical to monitor the changing technology and regulatory landscapes and update policies accordingly.
Limiting claims & costs
In the event of a possible claim, it’s vital that insureds review their policy language to understand which policy or policies may apply. If a claim could be covered under both cyber and media liability and GL, an insured should provide notice under both policies.
At the same time, businesses’ compliance teams can help to reduce potential claims by developing best practices for those who control and contribute to their social media channels — notably, around the use of media.
These best practices should stress the need to get permission from owners before posting any copyrighted content, avoid abusing media licenses, such as those that allow for the sharing of photography and music, and police third-party contributors who may post inappropriate content on a company’s social media page. Organizations should also look at their contracts and the levels of risk retained within them. This can help them determine their potential exposure based on contractual language.
© 2025 Lockton Companies. All rights reserved.