Cyber and privacy insurance policies are designed to cover a variety of both liability and property losses that may result when a business engages in various electronic activities, such as selling on the internet or collecting data within its internal electronic network.
Most notably, but not exclusively, cyber and privacy policies cover a business' liability for a data breach in which the firm's customers' personal information, such as Social Security or credit card numbers, is exposed or stolen by a hacker or other criminal that has gained access to the firm's electronic network. The policies cover a variety of expenses associated with data breaches, including notification costs, credit monitoring, costs to defend claims by state regulators, fines and penalties, and loss resulting from identity theft.
In addition, the policies cover liability arising from website media content, as well as property exposures from business interruption, data loss/destruction, computer fraud, funds transfer loss, and cyber extortion.
Cyber and privacy insurance is often confused with technology errors and omissions (tech E&O) insurance. In contrast to cyber and privacy insurance, tech E&O coverage is intended to protect providers of technology products and services, such as computer software and hardware manufacturers, website designers, and firms that store corporate data on an off-site basis. Nevertheless, tech E&O insurance policies do contain a number of the same insuring agreements as cyber and privacy policies.
Cyber Liability Insurance Coverages
The Essential Coverages
- Loss containment coverage/crisis management costs: Covers the cost of forensic investigation to determine whether a cyber attack has occurred, how it occurred, and how to stop the attack or loss of data. Covers crisis management and public relations expenses to assist in managing and mitigating a cyber event.
- Third party liability: Litigation and privacy liability expenses cover defense costs, judgments, settlements and related liabilities arising when a plaintiff brings a suit against the insured due to the cyber event. Notification and credit monitoring cover the costs related to notifying customers and others about a cyber event as well as any mandatory credit/fraud monitoring expenses.
- Regulatory defense and penalties coverage: Covers defense costs to prepare for and defend against regulatory proceedings, including legal, technical, and forensic work, as well as fines and penalties that may be assessed against an insured.
Business Interruption and Expenses Coverage
- Network business interruption coverage: Covers lost income and operating expenses due to a material interruption or suspension of an insured’s business operations caused by a network security failure.
- Expense coverage: Covers certain expenses necessary to expedite recovery from an electronic disruption.
Theft/Property Loss Coverage
- Data loss and restoration coverage: Covers the costs of retrieving and restoring data, hardware, software, or other information damaged or destroyed in a cyber attack.
- Cyber extortion coverage: Covers costs related to hackers who attempt to extort money by threatening to release sensitive information or data if a ransom is not paid, as well as costs related to hackers who attempt to hold a network, or the data on it, hostage.
- Computer fraud coverage: Covers costs related to the loss or destruction of the insured’s data as a result of criminal or fraudulent cyber attacks.
- Improper electronic transfer of funds coverage: Covers lost income and operating expenses due to a material interruption or suspension of an insured’s business caused by a network security failure.