Cyber Liability Insurance
Cyber Liability covers a business’ liability for a data breach in which the firm’s customers’ personal information is exposed or stolen by a hacker or other criminal who has gained access to the firm’s electronic network. Cyber-attacks are not limited to large business. Many small and medium size business are also being attacked. Cyber policies provide many levels of coverage and you should discuss your needs with your local Insurance Centers agent.
Description of Coverages
1st party liability provides protection for the data you own, such as information that pertains to you customers or employees. It covers forensic investigation of the breach which involves obtaining and analyzing digital information for use as evidence in civil, criminal or administrative cases. Legal advice can be provided to determine your notification and regulatory requirements. Additional costs such as notification costs of communicating the breach, offering credit monitoring to customers as a result, public relations expenses and loss of profits and extra expense during the time that your network is down (business interruption) is covered.
3rd party liability provides protection for liability associated with your customers’ data among other things such as the costs related to theft, misuse or disclosure of other people’s information that are stored on your network or infringement of the right to privacy. Common third-party costs include legal defense, settlements, damages and judgments related to the breach, liability to banks for re-issuing credit cards and cost of responding to regulatory inquiries such the costs of hiring attorneys to consult with regulators during investigations and the payment of regulatory fines and penalties.
Additional Cyber Coverages
Media Liability (3rd party): These are advertising injury claims such as infringement of intellectual property, copyright/trademark infringement and libel and slander. Off line content coverage is also available.
Network Security (1st party 3rd party): Network security failure can lead to many different exposures, such as, a consumer data breach, destruction of data, virus transmission and cyber extortion. These thieves might be looking to shut your network down, so you can’t conduct business, for their financial or political gain. Network security coverage can also apply if you’re holding trade secrets or patent applications for a client, and that information is accessed due to a security failure.
Privacy (1st party 3rd party): Privacy doesn’t have to involve computer hacking. It can be a breach of physical records, such as files tossed in a dumpster, a lost laptop, or sending a file full of customer information to the wrong email address. A privacy breach can also include an action such as wrongful collection of information.
Network Security and Privacy Liability Coverage (1st party 3rd party): First-party coverage applies to direct costs for responding to a privacy breach or security failure, and third-party coverage applies when people sue or make claims against you, or regulators demand information from you.
In addition, the policies cover exposures from:
(a) business interruption – Loss of profits and extra expense during the time that your network is down
(b) data loss/destruction, process or event that results in data being corrupted, deleted and/or made unreadable by a user and/or the destruction of data stored on tapes, hard disks and other forms of electronic media making it completely unreadable, nonassignable or used for unauthorized purposes.
(c) computer fraud act using computers, the Internet, Internet devices, and Internet services to defraud people, companies, or government agencies of money, revenue, or Internet access.
(d) funds transfer loss which is loss of money, securities and other property resulting from the direct use of any computer to illegally transfer insured property from inside the insured premises or bank premises to a person or place outside of the insured’s premises or bank’s premises.
(e) cyber extortion is a crime involving an attack or threat of attack against an operation, coupled with a demand for money to avoid or stop the attack.
Deductibles in a cyber policy vary due to the size of the policy and they type of company being insured. Time element deductibles (meaning the carrier is not responsible for a loss suffered for a specified period of time immediately following a direct damage loss) are included as well if business interruption coverage if provided.
Breach Reporting is not required by Federal law nor do they impose fines. However, 47 of 50 states require breaches to be reported and fines can apply at the state level.
How Can We Help?
Speak directly with an agent.