What does Cyber Insurance Cover?

Cyber liability insurance covers financial losses that result from data breaches and other cyber events. Many policies include both first-party and third-party coverages. First-party coverages apply to losses sustained by your company directly. An example is a damage to your company’s electronic data files caused by a hacker. Third-party coverages apply to claims against your firm by people who have been injured as a result of your actions or failure to act. For instance, a client sues you for negligence after his personal data is stolen from your computer system and released online.

In Cyber insurance, the insuring clauses set the stage. They tell you what the policy will do, who it will apply to and what specific terms you need to pay attention to. They are separate clause because they describe different types of risks and, as a result, may have different terms, conditions, limits of liability or retentions.

You will have to consult your policy documents to confirm exactly what coverage your Cyber insurance provides but here are a few scenarios that typically would and would not be covered:

What Cyber insurance covers:

Loss or Damage to Electronic Data

Many policies cover losses caused by damage, theft, disruption or corruption of your electronic data. They also cover damage or theft of data stored on your computer system that belongs to someone else. For a loss to be covered, it must result from something like a hacker attack, a virus, or a denial of service attack. The policy generally covers the costs to restore or recover lost data. It may also cover the cost of outside experts or consultants you hire to preserve or reconstruct your data.

Loss of Income or Extra Expenses

Many policies cover income you lose and extra expenses you incur to avoid or minimize a shutdown of your business after your computer system fails. The loss of income and extra expense coverages afforded under a cyber liability policy differ from those provided under your commercial property policy. Cyber policies cover income losses and extra expenses that result from an interruption of your computer system. Property policies cover income losses and extra expenses that result from an interruption in your business operations caused by physical damage to covered property, which does not include electronic data.

Cyber Extortion Losses

Cyber extortion coverage applies when a hacker or a cyber thief breaks into your computer system and threatens you and your business. For instance, a hacker may threaten to damage your data, introduce a virus, or shut down your computer system unless you pay him or her a sum of money. The perpetrator may also subject your computer system to a denial of service attack or threaten to release confidential data unless you pay the sum demanded. Extortion coverage typically applies to expenses you incur (with the insurer's consent) to respond to an extortion demand, as well as the money you pay the extortionist.

Notification Costs

Policies may cover the cost of notifying parties affected by the data breach by government statutes or regulations. They may also include the cost of hiring an attorney to assess your firm's obligations under applicable laws and regulations. Some policies cover the cost of providing credit monitoring services for those affected by the breach. Some also cover the cost of setting up and operating a call center.

Damage to Your Reputation

A data breach can severely damage your firm's reputation. So, some policies cover the costs you incur for marketing and public relations to protect your company’s reputation following a data breach. This coverage is sometimes referred to as Crisis Management.

What Cyber insurance does NOT cover:

Bodily injury/property damage

should be covered by General Liability, Property, Workers Comp., or employers liability

Products liability

should be covered by General Liability or a dedicated products liability policy

Securities violations

should be covered by a D&O policy

Pollution

should be covered by a pollution liability or environmental impairment liability policy

Employee benefits and ERISA violations

should be covered by a fiduciary liability policy

Professional services

should be covered by an E&O policy

Contracts

contracts that aren't listed as "insured contract" should likely be covered by an E&O policy

Harassment, discrimination, workplace torts

should be covered by an EPLI policy

A e-commerce platform, SellYouLater, contracted with a third party service provider. A burglar stole two laptops from the service provider containing the data of over 800,000 clients of the SellYouLater. Under applicable notification laws, SellYouLater – not the service provider – was required to notify affected individuals. Total expenses incurred for notification and crisis management to customers was nearly $5,000,000.

A U.S. based information technology company, ‘Merica, contracted with an overseas software vendor, Internacional. Internacional left universal “administrator” defaults installed on ‘Merica’s server and a “Hacker for Hire” was paid $20,000 to exploit such vulnerability. The hacker advised if the requested payment was not made he would post the records of millions of registered users on a blog available for all to see. The extortion expenses and extortion monies are expected to exceed $2,000,000.

An intern released a computer worm directing infected computers to launch a denial of service attack against a regional computer consulting & application outsourcing firm. The infection caused an 18 hour shutdown of the entity’s computer systems. The computer consulting & application outsourcing firm incurred extensive costs and expenses to repair and restore their system as well as business interruption expenses which totaled approximately $875,000.

A SaaS platform, SaaSyAttitude, stored credit and debit card account numbers, names, addresses, telephone numbers that were stolen. In total, over 365,000 customers’ records were exposed. The organization settled with the state attorney general, and is now compelled to provide with free credit monitoring, credit restoration to customers that were victims of identity fraud, and reimbursement to customers for direct losses that resulted from the data breach. The organization will be required to revamp its security policies, implement technical safeguards, and conduct random compliance audits.

Get A Cyber Quote

If you’re interested in learning more about a customized Cyber insurance program, you can always reach out to a member of our team by phone 646.854.1058 or email info@foundershield.com or get a quote below!

GET A QUOTE