What’s Covered by Your Cyber Insurance Policy?

Posted by Jeffrey N. Berman on

Berman Fink Van Horn recently renewed its Cyber Insurance Policy.  Every company, regardless of size or what you do, has cyber exposure.  As you would expect, we spent a great deal of time investigating the newest types of cyber-attacks and the appropriate cyber insurance coverages to protect us.  Below are a few highlights.

For starters, two common types of cyber protection coverage are cyber liability insurance, which covers financial losses that result from data breaches and other cyber events, and limited cyber liability coverage, which may be found under a traditional insurance policy such as General Liability or Professional Liability.  Typically, neither of these coverages provides the full protection that you need to combat a data breach.  So, what can you do to fully protect your business from the damage of a data breach?  The solution includes all of the following:

  1. Security and Privacy Liability. This coverage protects an insured against lawsuits and losses for failure to protect a customer’s personally identifiable information (social security number, credit card numbers, medical information, passwords, etc.) from theft, unauthorized access, viruses or denial of service attack.
  2. Network Asset Protection. This coverage protects an insured against damage, alteration, corruption, misuse, distortion or destruction of electronic media or computer hardware, through a data breach or administrative operational mistakes in the handling of electronic data.
  3. Cyber Extortion Coverage. This coverage protects an insured against online crime which occurs when a person uses the internet to demand money or other goods or behavior from another person. The threat most often used against a company involves denial of service (DoS) attacks coupled with a demand or request for money to avert or stop the attack.
  4. Cyber Crime Coverage. This coverage protects an insured against the theft of data, spam campaigns and blackmailing operations. 
  5. Electronic Media Liability. This coverage protects an insured against acts such as libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement, which result from the insured’s publication of electronic data on the internet.

By doing your homework on this subject and securing appropriate insurance coverage sooner than later, the following costs and expenses can be covered and/or recovered if and when an attack occurs:

(a) Forensics, legal, remediation (credit monitoring, postage and advertising),

(b) Lost revenue and business interruption,

(c) Data restoration,

(d) Notification,

(e) Defense and settlement costs related to civil lawsuits,

(f) Brand and goodwill losses,

(g) Regulatory fines and penalties or PCI DSS fines and assessments, and

(h) Public relations expenses.   

Of course, any coverage is subject to the applicable waiting periods, deductibles and limits of liability in the company’s cyber policy.

I encourage every business owner to go through this necessary exercise.  As always, I am available to discuss my experience or any questions you may have.