What is cyber insurance? It is a sub-category of general insurance that covers businesses and individuals against internet-based liability and risks.
There are two levels of coverage:
- First Party–covers direct losses to an organization/individual
- Third-Party–covers claims and legal action by customers/partners
Common coverages included in cyber insurance are:
- Data breaches
- Identity theft
- Personal data theft
FIRST-PARTY LOSS COVERAGE
One type of coverage is first-party coverage. This protects an organization or individual. Common features of first-party coverage are:
Loss/Damage to Electronic Data
Covers losses caused by damage, theft, disruption or corruption of data from covered perils such as hacking, viruses or denial or service attacks.
Loss of Income/Extra Expenses
Covers the income you lose, and expenses incurred by a shutdown of your business due to a covered peril.
Cyber Extortion Losses
Covers incidents where a cyber thief breaks into your system and threatens to commit a nefarious act.
For example, they may threaten damage to your data, the introduction of a virus or a shutdown of your system unless you pay them.
Covers the cost of notifying the affected parties of a breach in accordance with government statutes and regulations.
THIRD-PARTY LOSS COVERAGE
In addition to first-party coverage for cyber insurance, third party coverage exists as well. Third-party cyber coverage includes the following:
Network Security Liability
Covers lawsuits against you due to a data breach, or the inability of others to access data on your system. Coverage may apply if the cause is a result of a data breach, virus, malware, denial of service attack or unauthorized access and use of your system by a hacker or rogue employee.
Network Privacy Liability
Covers lawsuits based on allegations that you failed to properly protect sensitive data stored on your system. The data may belong to clients, customers or other parties.
Electronic Media Liability
Covers lawsuits against you for acts like libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement.
Errors and Omissions Liability
Some cyber policies cover errors and omissions that arise from professional services provided by the insured. For example, a policy purchased by a software developer may include coverage for claims that arise out of coding mistakes.
WHAT IT DOESN’T COVER
Policy Limits and Sub-Limits
Be sure to look at the coverage limits of your policy. Most people don’t realize that there are sub-limits hidden in policies that make coverage restrictive for things like forensic investigation or breach notification.
Loss of Intellectual Property/Trade Secrets
Most policies right now are geared toward the risks of losing large customer databases. As a result, loss of IP at the hands of data thieves is currently not covered.
Risk Mitigation Costs
Cyber liability policies don’t cover the cost of beefing up security and improving systems to lessen the risk of future attacks.
Negligence Induced Incidents
If your business has poor security practices, and an attack could’ve been prevented, insurance will not cover this claim. Be sure that your company is in compliance with all PCI DSS security standards.
Enterprises at risk of being attacked by a nation-state should look carefully at their policy for this kind of exclusion.
Loss of Future Revenue
This type of policy doesn’t cover the loss of any future revenue that may be attributed to a data breach or network security issue.
Any physical damage that resulted from a cyber-attack will not be covered by a cyber liability policy. However, these risks can be covered in other insurance policies.
As always, we hope that you’ve found this information useful. If you want to know more or think you may need this type of policy, contact us today!