Cyber Insurance protects against two types of risk – first-party and third-party risks. From a first-party standpoint, it will cover things like crisis management, costs associated with forensic analysis, the cost of repairing and restoring computer systems if there is a virus that destroys business software and data, and the loss of business income resulting from a data breach.
Third-party risks exist for any business. Any business that collects protected health information or personally identifiable, non-public information like bank account numbers, credit card numbers, or Social Security numbers, has an insurable risk. Most states have a data breach notification law, and there are a number of federal regulations, and both state and federal statutes are a source of claims.
And most importantly, whenever there is a data breach incident, a business is required to comply with state laws in addressing the breach and notifying potential victims. One of the biggest risks for a company is unauthorized access from a virus, allowing a third party to breach the system.
Cyber Liability Insurance can include:
- Data breach/privacy crisis management cover. For example, expenses related to the management of an incident, the investigation, the remediation, data subject notification, call management, credit checking for data subjects, legal costs, court attendance and regulatory fines.
- Multimedia/Media liability cover. Third-party damages covered can include specific defacement of website and intellectual property rights infringement.
- Extortion liability cover. Typically, losses due to a threat of extortion, professional fees related to dealing with the extortion.
- Network security liability. Third-party damages as a result of denial of access, costs related to data on third-party suppliers and costs related to the theft of data on third-party systems.