Cyber and Privacy Insurance Overview

Cyber and Privacy Insurance

Cyber and privacy insurance policies cover a broad array of liability and property losses that occur when an organization engages in electronic activities. This can include selling a product or service online or collecting data within an internal electronic network.

One of the most significant components of a cyber and privacy policy is its coverage of a data breach. Now more common than ever, data breaches often lead to customers’ personal information, such as Social Security or credit card numbers, being exposed or stolen by a hacker or other criminal who has gained access to a company’s electronic network. These policies are designed to cover many of the expenses resulting from data breaches, such as notification costs, credit monitoring, costs to defend claims by state regulators, fines and penalties, and loss resulting from identity theft.

Cyber and privacy insurance policies also cover any liabilities that result from website media content, as well as property exposures from business interruption, data loss/destruction, computer fraud, funds transfer loss, and cyber extortion.

One common area of confusion is the difference between cyber and privacy insurance and technology errors and omissions (tech E&O) insurance. These two essential policies have the following fundamental difference: Tech E&O coverage is designed to protect providers of technology products and services (computer software and hardware manufacturers, website designers, firms that store corporate data on an off-site basis, etc.), while cyber and privacy insurance policies are not industry-specific.

Cyber Liability Insurance Coverages:

  1. The Essential Coverages:
    1. Loss containment coverage/crisis management costs: Covers the cost of forensic investigation related to determining whether a cyberattack has occurred, how it occurred, and how to stop the attack/loss of data. Covers crisis management and public relations expenses to assist in managing and mitigating a cyber event.
    2. Third-party liability: Litigation and privacy liability expenses cover defense costs, judgments, settlements, and related liabilities that arise when a plaintiff brings a suit against the insured due to the cyber event. Notification and credit monitoring cover the costs related to notifying customers and others about a cyber event, as well as any mandatory credit/fraud monitoring expenses.
    3. Regulatory defense and penalties coverage: Covers defense costs to prepare for and defend against regulatory proceedings, including legal, technical, and forensic work, as well as fines and penalties that may be assessed against an insured.
  2. Business Interruption and Expenses Coverage:
    1. Network business interruption coverage: Covers lost income and operating expenses due to a material interruption or suspension of an insured’s business operations caused by a network security failure.
    2. Expense coverage: Covers certain expenses necessary to expedite recovery from an electronic disruption.
  3. Theft/Property Loss Coverage:
    1. Data loss and restoration coverage: Covers the costs of retrieving and restoring data, hardware, software, or other information damaged or destroyed in a cyberattack.
    2. Cyber extortion coverage: Covers costs related to hackers who attempt to extort money by threatening to release sensitive information/data if a ransom is not paid, as well as costs related to hackers who attempt to hold a network, or data on the network, hostage.
    3. Computer fraud coverage: Covers costs related to the loss or destruction of the insured’s data as a result of criminal or fraudulent cyberattacks.
    4. Improper electronic transfer of funds coverage: Covers lost income and operating expenses due to a material interruption or suspension of an insured’s business caused by a network security failure.