CYBER OVERVIEW
- When we review cyber policies, there are several specific coverage grants which
- Either differ (sometime wildly) from carrier to carrier that you should be aware of or
- Become restricted or removed altogether if a carrier perceives poor controls
- Coverages that vary from carrier to carrier:
- Business interruption and/or dependent business interruption (including system failure)
- Breach Remediation coverage outside versus inside the limit
- Reputational damage
- Bricking coverage
- Crypto-jacking
- Invoice manipulation
- Coverage implications due to poor perceived controls
- Flat out declination
- Cyber Extortion/Ransomware including sub-limits, coinsurance, or exclusion
- Funds Transfer Fraud (including social engineering
WHAT IS CYBER LIABILITY
Third-Party Coverage
NETWORK SECURITY LIABILITY: Coverage for the Liability and legal costs arising from a loss by another due to a breach in network security. Breaches include unauthorized access, transmission of a virus, blocked access, or failure to provide notice of a security breach, where required by law.
PRIVACY: An insurance coverage that addresses the liability of companies accused of negligently handling private or confidential data. Claims may include anything from class actions brought by consumer groups to lawsuits by credit card companies suing over the wrongful release of consumer card information.
Protects the company from the liability arising from:
- A failure to protect or wrongful disclosure of private or confidential information
- A failure to protect Personally Identifiable Information from misappropriation
- Violation of any federal, state or local privacy statute alleged in connection with failure to protect private information
MEDIA LIABILITY: Provides coverage for claims arising from copyright infringement, plagiarism, defamation (disparagement or reputational harm), libel, slander, or invasion of privacy in electronic content, such as websites and email. (Also refers to liability arising out of your negligence in connection with the release of such multimedia content in advertising).
PAYMENT CARD INDUSTRY FINES & PENALTIES COVERAGE (1st party): Reimbursement for the Payment Card Industry (PCI) fines and penalties (fraud recoveries or assessments) owed under the terms of a Merchant Services Agreement with a credit card association, due to your non-compliance with PCI Data Security Standards (PCI DSS). Coverage applies to such fines and penalties which you are legally obligated to pay as a result of a privacy or security breach event.
REGULATORY DEFENSE EXPENSE: Coverage for governmental claims made as a result of network and information security liability or communications and media liability.
REGULATORY FINES COST: Reimbursement coverage including regulatory violations of state and federal privacy regulations, such as HIPPA, GLBA, and the various state security breach notification laws.
First-Party Coverage
NOTIFICATION COSTS COVERAGE: Reimbursement of costs associated with notification to those individuals of the security breach.
CRISIS MANAGEMENT EVENT EXPENSES: Reimbursement coverage for public relations services to mitigate negative publicity as a result of cyber liability.
SECURITY BREACH REMEDIATION: Reimbursement of costs incurred to determine whose identity information was accessed, credit monitoring for 365 days, forensics, call center to handle inquiries, and identity fraud expense reimbursement for those individuals affected by the security breach.
BUSINESS INTERRUPTION AND ADDITIONAL EXPENSE: Reimbursement coverage for loss of income and the extra expense incurred to restore operations as a result of a computer system disruption caused by a virus or other unauthorized computer attack.
DEPENDENT BUSINESS INTERRUPTION: Protects the insured for income loss, interruption expenses, and special expenses, specific to the asset protection/non-physical business interruption and extra expense, incurred because of an interruption, degradation in service, or failure of a computer system operated by an independent contractor (not including payment processor, security software provider, or internet service) or outsourced IT service provider.
SYSTEM FAILURE AND DEPENDENT SYSTEM FAILURE: Coverage for unintentional and unplanned total or partial outage of the insured organization’s computer system that is not caused by a data breach or security failure.
