A complete cyber liability policy should contain most of these key coverages. They may have different names or terms depending on the carrier. Some coverages may be combined or have different limits. Read and understand your policy.
1. Errors and Omissions aka Professional Liability: E&O covers claims arising from errors in the performance of your services. It may be difficult to determine if a claim is a cyber breach or a professional liability claim. Combining Cyber and Professional avoids having two insurance companies pointing fingers at one another.
2. Privacy/Security Liability: Coverage for third-party claims that allege failure to protect personally identifiable information (PII) or personal health information (PHI). Breaches could be through a network, information security failure, or through unauthorized use or access by a rogue employee.
3. Notification Costs: Coverage to notify victims that their data may have been breached. This may be a significant expense depending on how many records have been illegally accessed.
4. Crisis Management/Public Relations and Forensic Expenses: The cost of hiring a crisis management firm and forensics experts to determine the breach scope and a solution. These coverages are often separate limits. Depending on your industry, a Public Relations response may be critical.
5. Regulatory and Defense Penalties: This covers the cost of handling inquiries and investigations, as well as the fines and penalties from enforcing bodies, such as the Federal Trade Commission, attorneys general, etc. HIPAA violations would be covered in this section. Expect more enforcement legislation as breaches continue to proliferate.
6. Extortion/Threat Expenses: This element even may cover the cost of paying off an extortionist who promises to expose intellectual property or shut down a computer system if demands are unmet.
7. Business Interruption: Coverage for Loss of Income while your company is shut down due to a “hack attack”. These claims can be quite expensive.
8. Media/Content: This coverage is most relevant for retailers and online companies. It covers libel, copyright infringement, and social media issues.
9. Hacker Damage: This covers the cost of repairing, replacing, and restoring damaged or destroyed data and software systems.
10. Payment Card Industry (PCI) Fines/Penalties: This is important for businesses that take in credit card information. It covers financial penalties for breaches of your credit card system. PCI compliant systems are hacked as often as non-PCI compliant. Using a third party does not relieve you of the liability for a breach.
Don’t Forget Crime Coverage
Losses through Social Engineering or Fraudulent Inducement are not covered by a Cyber policy. Your firm’s Crime policy needs to be endorsed to cover these two growing exposures. Typical claims are fake wire fraud instructions or corrupted emails that redirect the wire transfer to another bank account.
Property Damage to Manufacturing Process
A looming claim on the horizon is the potential for serious property damage to manufacturing processes. A hacker could shut down a manufacturing process midstream resulting in serious and expensive damage to the manufacturing equipment itself. These claims are rare, but can be devastating to a company. Firms with large equipment infrastructures should consider insuring this exposure. In this case, cyber Business Interruption is paramount.
Click Here for a printable brochure that contains the info listed above.