With cyber-attacks frequency increasing, we continue to blog about the need for Cyber Insurance/Data Breach Coverage. But just what policy should you buy? Unfortunately there is no right answer to that question. With Cyber Insurance being very new there is no policy or coverage standardization. To make matters worse, ‘common’ terms are defined differently from policy to policy.
Cyber Insurance carriers are also being very cautious about what they cover. Applications differ from carrier to carrier. Many carriers either are sub-limiting certain perils and/or provide the insured with a smorgasbord of coverages to purchase. It is not uncommon for cyber policies issued by the same carrier to differ dramatically from policy to policy in what is covered. While price is always important, the insurance buyer needs to pay close attention to the details and work with an insurance broker that is knowledgeable in the coverages needed for your firm.
Cyber Insurance is also unique in that most casualty policies are ‘3rd party’ coverages. That means that the liability policy is designed to be triggered with a ‘3rd party’ has suffered ‘injury’. Much of the cyber insurance exposure is from ‘1st party’ damages. Notification requirements imposed by federal and state laws and regulations after a data breach at your firm are ‘1st party’ coverages. Most ‘1st party’ claims are not covered by current insurance policies.
In general here are some of the major coverages needed in a Cyber Insurance/Data Breach policy:
1st Party Claims
1. Incident Response Services
2. Ransom demands to unlock your system.
3. Notification requirements costs from federal & state laws & regulations to your clients that have suffered a data breach
4. System assistance in restoring your systems and data
5. Loss of income for the time that it takes to recover from a data breach
6. Harm to reputation & goodwill
7. Crisis Management and public relations costs
3rd Party Claims
1. Damages to clients that have suffered a data breach
2. Cost of defense to defend you from these claims
3. Regulatory Violations, fines and penalties that may be accessed against the firm
Coverage limits that are adequate for one business are nowhere need adequate for another.
Work with an experience broker to go through the needed coverages and limits to make sure that you get the coverage needed, while not paying for coverages that do not apply to your business.
For a slightly different perspective about buying cyber insurance, click on