Cyber liability insurance covers financial losses that result from data breaches and other cyber events. Many policies include both first-party and third-party coverages. First-party coverages apply to losses sustained by your company directly. An example is a damage to your company’s electronic data files caused by a hacker. Third-party coverages apply to claims against your firm by people who have been injured as a result of your actions or failure to act. For instance, a client sues you for negligence after his personal data is stolen from your computer system and released online.
In Cyber insurance, the insuring clauses set the stage. They tell you what the policy will do, who it will apply to and what specific terms you need to pay attention to. They are separate clause because they describe different types of risks and, as a result, may have different terms, conditions, limits of liability or retentions.
You will have to consult your policy documents to confirm exactly what coverage your Cyber insurance provides but here are a few scenarios that typically would and would not be covered:
What Cyber insurance covers:
What Cyber insurance does NOT cover:
Cyber insurance claim examples
A e-commerce platform, SellYouLater, contracted with a third party service provider. A burglar stole two laptops from the service provider containing the data of over 800,000 clients of the SellYouLater. Under applicable notification laws, SellYouLater – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5,000,000.
A U.S. based information technology company, ‘Merica, contracted with an overseas software vendor, Internacional. Internacional left universal “administrator” defaults installed on ‘Merica’s server and a “Hacker for Hire” was paid $20,000 to exploit such vulnerability. The hacker advised if the requested payment was not made he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2,000,000.
An intern released a computer worm directing infected computers to launch a denial of service attack against a regional computer consulting & application outsourcing firm. The infection caused an 18 hour shutdown of the entity’s computer systems. The computer consulting & application outsourcing firm incurred extensive costs and expenses to repair and restore their system as well as business interruption expenses which totaled approximately $875,000.
A SaaS platform, SaaSyAttitude, stored credit and debit card account numbers, names, addresses, telephone numbers that were stolen. In total, over 365,000 customers’ records were exposed. The organization settled with the state attorney general, and is now compelled to provide with free credit monitoring, credit restoration to customers that were victims of identity fraud, and reimbursement to customers for direct losses that resulted from the data breach. The organization will be required to revamp its security policies, implement technical safeguards, and conduct random compliance audits.
Get A Cyber Quote
If you’re interested in learning more about a customized Cyber insurance program, you can always reach out to a member of our team by phone 646.854.1058 or email info@foundershield.com or get a quote below!