Lisa Doherty is president of Business Risk Partners. Todd Cusano is E&O Project Manager for Business Risk Partners.
Cyber liability insurance is growing by leaps and bounds—as fast as EPLI by some comparisons but in a fraction of the time. According to online information security provider Symantec, businesses of all sizes were a potential target for attackers in 2012. The largest growth area for targeted attacks—comprising 31 percent of all attacks last year—was with businesses having fewer than 250 employees. This represents a huge opportunity for agents and brokers to sell cyber protection to small and midsized businesses. Yet cyber insurance is still a relatively new concept that suffers from a lack of standardization in language, coverage and endorsements, along with the confusing nature of the product itself. So as you approach customers in these markets regarding cyber coverage, keep in mind the following four points.
1. Make It Simple and Relevant
If you ran across a potential customer on Main Street and stumbled into a conversation about insurance, he'd probably look at you sideways when asked if he was concerned about a data breach. The very mention of anything cyber these days often leads people down an uncomfortable and unfamiliar slippery path. Relying on industry jargon makes cyber coverage feel even more removed and seem like it's only for high-tech companies or very large firms, which couldn't be further from the truth.
Use simple terms and scenarios to describe data breach/privacy insurance. For example, if you start by asking clients whether they have any personally identifiable information (PII) on their customers or employees and if they have concerns about what would happen if it got out—not because of some hacker from China but rather a disgruntled employee, a frequent occurrence these days—you'll likely get their attention. If you talk about the problems caused if sensitive company data was made public—from financials to salaries—they'll probably lean in even closer.
Most businesses with any employees have PII in some form or another, making it an excellent starting point for discussing cyber protection. All firms with payroll or 401(k) plans have Social Security numbers. If they offer health insurance and medical benefits, even more sensitive information is on hand that needs to be protected.
Many businesses are unaware of the growing list of regulations governing the unauthorized use of PII. Because there is no single federal law regarding protection of personal information, 47 states now have their own regulations. The definition of what constitutes PII, the notification process, and fines and penalties for not reporting a breach vary by state. Most data breach/privacy insurance will cover the costs associated with hiring attorneys and forensic IT experts, notifying customers, providing annual credit monitoring, and any state or federal fines or penalties. If your clients think it's not a big deal to write and send the necessary notification letters, ask them to think again. Symantec estimates the cost of notification runs about $190 per record–about $10,000 for a firm with a little more than 50 employees. Imagine if it also had to notify dozens, if not hundreds, of customers.
2. Remind That Coverage Extends to Media Liability
Data breach/privacy policies typically include media liability coverage, a huge plus for many businesses. Virtually anything a company or its employee does gathering and distributing information to the public via a website or other communication (email, social media, desktop publishing, etc.) is covered against claims, including defamation, libel, invasion of privacy, copyright and trademark infringement, unfair competition, piracy, and plagiarism.
Virtually every business in America now uses these methods of communication and thus has media exposure. In recent years, with more companies actively dialoguing with consumers online, this type of coverage is proving even more valuable. For example, when a customer posts something to a firm's social media page that causes injury to a third party, the company can be liable.
3. Understand The Gray Areas
Customers are frequently confused when it comes to understanding cyber protection compared with other insurances. Cyber coverages can combine third-party liability coverages with first-party coverages. Take the case of a breach: The policy will cover the liability incurred as a result of damages to the breached parties, as well as the business interruption from the downtime the firm suffers as a result of the breach. Some cyber products incorporate E&O; others do not. As the agent or broker, it's important to clearly understand the differences, determine the appropriate exposures and needed coverages, and educate your customers.
For example, a software developer needs a technology E&O policy to cover liabilities that arise from providing software products and services. On the other hand, local retailers, or even insurance agencies, do not have a technology E&O exposure; their exposures relate to acquiring, storing, and transmitting customer data, typically credit card information and other PII. So the local retailer or insurance agency needs a data breach/privacy policy. The differences are clear.
But the line between the two blurs when a technology company that creates tech products or services also stores and transmits customer data. In this case, the business needs both technology E&O and data breach/privacy coverage, which it can purchase via two separate policies or with a technology E&O policy with built-in data breach/privacy coverage.
Businesses that use a third party or cloud vendor that stores the data are still responsible in the case of a data breach. Some businesses mistakenly believe that their property policy's business interruption coverage will kick in as a result of a data breach, but those policies typically exclude outages caused by computer hackers. If you're comfortable talking to your customers about business interruption in the context of property loss, data breach/privacy insurance is essentially business interruption in the context of an IT issue.
4. Make The Case For Benefits Beyond Insurance Coverage
People think of insurance as repayment after the fact: If your home burns down, you'll get the funds to cover the damages and rebuild. Data breach/privacy insurance obviously has the component of paying a company's liability following a breach, but the right policy will also cover other essentials for the small to middle market customer who might not have the time or resources to understand proper risk control. Although every step taken is important, simple efforts such as firewalls will provide little protection in the face of an employee error, rogue employee, or lost laptops, tablets, and smartphones.
Some carriers have taken the initiative to build crucial pre-loss risk management and "first responder" services around data breach/privacy products, such as crisis mitigation, IT forensics, and legal services. With one phone call, a business experiencing a breach immediately can access a variety of experts to help manage and mitigate the impact of the crisis. One insurance carrier makes sure that after purchase every policyholder is contacted by a privacy and security advisor who will explain in detail the risk mitigation and loss control services included and how to take advantage of them. Things like sample business continuity plans and state-by-state compliance data are also made available through secured Web access.
Imagine the recovery of a firm that makes one call to the first responder to coordinate risk mitigation and crisis management versus a firm that after a breach has to begin the process of identifying and retaining the legal, technology and public relations experts needed to manage the crisis. Weeks of valuable time would be lost in the second scenario.
So cyber coverage is not as simple as, "Here's $600,000 because your house burned down." It addresses what happened, where the hacker went, how to avoid being sued, and how to mitigate the tide of damage to your overall reputation. And if you are sued, in addition to paying for that liability, the coverage will minimize the impact of the lawsuit and damages to third parties.
Explain to potential customers that having the right data breach/privacy policy could effectively provide them with a team of world-class consultants on retainer.