What should your cyber insurance policy cover?

cyber insurance

Cyber insurance is an emerging class of insurance products designed to mitigate losses from various cyber incidents, including data breaches, business interruptions, and network damage. It is a relatively recent development in the insurance sector, having been around since the 1990s.

By encouraging the adoption of preventative measures in exchange for greater coverage and incentivizing the adoption of best practices by basing premiums on an insured’s level of self-protection, a thriving cyber-security insurance market could aid in lowering the number of successful cyber attacks. Typically, traditional commercial general liability policies do not cover risks of this kind.

Cyber insurance increases cyber security by encouraging the adoption of best practices. Insurers will require security as a precondition of coverage, and companies adopting better security practices often receive lower insurance rates. This helps companies internalize both the benefits of good security and the costs of poor security, leading to greater investment and improvements in cyber security.

Currently, the market is in a state of flux due to uncertainty; in fact, it is reported that in practice, many companies are favoring forgoing available policies due to the perceived
high cost of the policies and confusion about what they cover. Therefore we decided to write about what you should look for in a cyber insurance policy cover. Here are some general tips to consider.

Coverage provided by cyber insurance policies may include:

  • First-party protection from losses caused by data loss, extortion, hacking, and denial-of-service assaults;
  • Liability insurance, which compensates businesses for losses to third parties brought on, for instance, by errors and omissions, a failure to protect data or defamation; and
  • Additional benefits like recurring security reviews, post-incident media, investigative costs, and criminal reward funds.

Make sure your policy includes coverage for the following:

  • Data breaches involving theft of personal information)
  • Cyber attacks (like breaches of your network)
  • Cyber attacks on the data held by vendors and third parties
  • Terrorist acts

You must consider whether the cyber insurance provider will:

  • Defend yourself in a lawsuit or regulatory investigation
  • Provide coverage beyond any other applicable insurance you have
  • Offer a breach hotline available every day of the year at all times

1. First-party coverage

First-party cyber coverage protects your data, including employee and customer information; costs from specialized service providers to reinstate reputation; and costs for notification of stakeholders and continuous monitoring (e.g., credit card usage). It also covers costs resulting from reinstatement; loss of profit; cost resulting from reinstatement and replacement of data; cost resulting from reinstatement and replacement of intellectual property (e.g., software); cost of extortion payment; and cost related to avoiding extortion (investigative costs).

This coverage typically includes your business’s costs related to:

  • All hostile attacks that change, corrupt, or destroy information and technology assets.
  • Damages or destruction of intangible assets (e.g., software applications).
  • Extortion to release or transfer information or technology assets such as sensitive data;
  • Extortion to disturb or disrupt services
  • Legal counsel to determine notification and regulatory obligations
  • Recovery and replacement of lost or stolen data
  • Customer notification and call center services
  • Lost income due to business interruption
  • Crisis management and public relations
  • Forensic services to investigate the breach
  • Fees, fines, and penalties related to the cyber incident
  • Losses related to defamation and copyright or trademark infringement
  • Payments to consumers affected by the breach
  • Claims and settlement expenses relating to disputes or lawsuits
  • Accounting costs

2. Third-party coverage

Third-party cyber coverage generally protects you from liability if a third party brings claims against you. This covers insured losses like legal liability (also defense and claims expenses (fines), regulatory defense costs); vicarious liability (when control of information is outsourced); crisis control (e.g., cost of notifying stakeholders, investigations, forensic and public relations expenses), cost resulting from reinstatement; and cost resulting from a legal proceeding.

This coverage typically includes:

Privacy Liability

  • disclosure of confidential information collected or handled by the firm or under its care, custody, or control (e.g., due to negligence, intentional acts, loss, theft
    by employees).

Network Security Liability

  • unintentional insertion of computer viruses causing damage to a third party;
  • damage to systems of a third party resulting from unauthorized access of the insured;
  • disturbance of authorized access by clients;
  • misappropriation of intellectual property.

Intellectual Property and Media Breaches

  • breach of software, trademark, and media exposures (libel, etc.)

To sum up, cyber insurance is an option that helps protect your company against losses resulting from cyber attacks. If you’re considering cyber insurance, you must discuss with an insurance agent what policy would best fit your company’s needs, including whether you should go with first-party coverage, third-party coverage, or both.