What's Covered Under A Cyber Liability Policy?

the words Cyber Attck in red on a background of green ones and zeros
Image courtesy of [Moment Open] / Getty Images.

Cyber liability policies cover many of the risks associated with use of electronic data and the Internet. Many policies include both first-party and third-party coverages. First-party coverages apply to losses your firm sustains itself. An example is damage to your company's electronic data files caused by a hacker. Third-party coverages apply to lawsuits against your firm that allege some type of injury.

For instance, a client sues you for failing to safeguard his personal data after it was stolen from your computer system and released online.

There is no “standard” cyber liability policy. Policies may vary from one insurer to another. This article describes some coverages that may be included in a cyber liability policy. Some insurers offer coverages individually so you can select the ones you need.

Third-party Liability Coverages

Most cyber policies include more than one type of liability coverage. Coverage generally applies to damages claimed against you as a result of errors or omissions you allegedly committed in creating, sending, receiving or storing electronic data. Policies typically cover the cost of defending you against covered claims. However, these costs may reduce the limit of insurance. Virtually all cyber liability policies are claims-made. Third-party coverages may be subject to a deductible.

Network Security Liability

Network security liability insurance covers lawsuits against you due to a data breach or to the inability of others to access data on your computer system. Coverage may apply if the data breach or inability to access your system is due to a denial of service attack, a virus, malware or unauthorized access and/or use of your system by a hacker or rogue employee.

Policies may cover lawsuits alleging that you failed to adequately protect data belonging to customers, clients, employees or other parties.

Network Privacy Liability

Network privacy liability insurance covers lawsuits based on allegations that you failed to properly protect sensitive data stored on your computer system. The data may belong to customers, clients and other parties. Some policies cover liability arising from the release of private data (such as social security numbers) belonging to your employees.

Electronic Media Liability

Electronic media liability insurance covers lawsuits against you for acts like libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement. Generally, these acts are covered only if they result from your publication of electronic data on the Internet.

First Party Coverages

Cyber liability policies typically include various property and crime coverages. They also cover certain costs, such as crisis management expenses. First-party coverages may be subject to a deductible.

Loss or Damage to Electronic Data

Many policies cover losses caused by damage, theft, disruption or corruption of your electronic data. Data belonging to someone else is also typically covered if it is stored on your computer system.

For the loss to be covered, it must result from a covered peril such as a hacker attack, a virus, or a denial of service attack. The policy generally covers the costs to restore or recover lost data. It also covers the cost of outside experts or consultants you hire to preserve or reconstruct your data.

Loss of Income and/or Extra Expenses

Many policies cover income you lose and extra expenses you incur to avoid or minimize a shutdown of your business after your computer system fails due a covered peril. The perils that are covered may be the same as those covered under Damage to Electronic Data. The loss of income and extra expense coverages afforded under a cyber liability policy differ from those provided under your commercial property policy. Under a property policy, these coverages typically apply only if physical damage to buildings or personal property has occurred.

Cyber liability policies cover income losses and extra expenses that result from damage to electronic data in the absence of a physical loss like a fire or windstorm.

Cyber Extortion Losses

Cyber extortion coverage applies when a hacker or cyber thief breaks into your computer system and threatens to, say, damage your data, introduce a virus, or shut down your system unless you pay him or her a sum of money. The perpetrator may also subject your computer system to a denial of service attack or threaten to release confidential data unless you pay the sum demanded. Extortion coverage typically applies to expenses you incur (with the insurer's consent) due to the extortion demand, as well as the money you pay the extortionist.

Notification Costs

Policies may cover the cost of notifying parties affected by the data breach in accordance with  government statutes or regulations. They may also include the cost of hiring an attorney to assess your firm's obligations under applicable laws and regulations. Some policies cover the cost of providing credit protection services for those affected by the breach. Some also cover the cost of setting up and operating a call center.

Damage to Your Reputation

A data breach can severely damage your firm's reputation. Thus, some policies cover the costs you incur for marketing and public relations to protect your company’s reputation following a data breach.

Other Coverages

Other coverages that may be available under a cyber liability policy include various crime coverages such as computer fraud, funds transfer fraud, and cyber terrorism (acts of violence committed for political purposes). Some insurers have developed cyber liability policies tailored to specific industries. For example, one policy may be designed for businesses in the healthcare industry while another policy is intended for financial institutions.