Today we take a walk back at the basics of Cyber Insurance, as I realize that some of my emails on this growing line of business talk a bit more specifically about the uniqueness of the coverage or exposure rather than the basic fundamentals. I have said this before, so please TAKE WARNING on this. No two carriers are covering the same thing, and no two carriers policies use the same basic language. This is the BIGGEST problem with agent understanding of the coverage, and therefore, Insured’s understanding of their imminent risk to loss. Following is a general overview of the coverage and what it is designed to protect against, and reading this will help you navigate a little better.
Cyber Insurance (also called Network Security & Privacy Insurance, Privacy Liability, and many other variations) is a line of business dedicated to covering exposures faced by insureds as relates to what is called PCI (Personal Confidential Information).
PCI comes in two different types- PII (Personally Identifiable Information) and PHI (Personal Health Information).
This includes names, addresses, birth dates, credit card or other financial information, social security information drivers license numbers, or health records, treatments, blood types, lab results, or other personal health information, which could lead to a potential privacy breach of a third party or an employee.
Laws have been enacted requiring businesses to maintain privacy of this information, and if a network security breach or a privacy breach occurs, that business is likely legally responsible, as well as subject to regulatory penalty or fine. Civil liability also exists in the advertising, marketing, and other electronic information a business disseminates, through its website or otherwise.
The first coverage parts of a Cyber Program respond to these issues, which are called Third Party Liability exposures. It is called this as the Insured is legally liable to a third party in the event of a breach or compromise. These Third Party Liability coverage parts protect against these three exposures just discussed:
- Network Security or Privacy Liability (including employee privacy liability)- Responds to a network security or privacy liability breach, compromise, attack, denial of service, etc.
- Electronic/Media Liability- Responds to personal injury and/or advertising injury in dissemination of electronic AND printed materials
- Regulatory Liability- Responds to regulatory fines and penalties imposed as a result of a network security or privacy liability event
However, since these are legal liability coverages, the Insurer will only pay for amounts that the Insured is legally obligated to pay. Therefore, their own costs for these events which they are not legally obligated or required to pay through judgment or settlement, are not a part of the covered claim in these coverage parts. The second part of a Cyber Program responds to these items, known as First Party Costs. First Party Costs are all of the expenses to respond to an event that occurs triggering the Third Party Coverage. This includes these additional areas of coverage:
- Notification Costs- The cost to notify each breached customer of a potential identity loss, customer support, credit monitoring expenses, forensic expenses to deal with state laws, and crisis management expenses (Public relations specialists brought in to mitigate reputation damage)
- Business Interruption- The loss of income expenses due to a shutdown of computer systems as a result of a covered event (may or may not include employee salaries)
- Cyber Extortion- The costs to pay out monies in the event of a cyber extortion threat
- Cyber Terrorism- The costs to pay out monies in the event of a cyber terrorism threat or event
- Loss of Digital Assets- The costs to restore or recover digital data lost or corrupted due to a cyber event
Knowing these components will help start your basis of knowledge from which you can now build, so when we talk about vendor liability, and rogue employees, and mobile devices, you will be able to know what it is we are writing about and why. This is a fast changing world in which we deal in every day, all day long. Make sure you are choosing a partner who makes you a better educated agent.
To send us a submission for a quote, or to request an application, contact me firstname.lastname@example.org.