Evaluating Your Cyber Coverage

Cyber liability insurance should provide coverage for key cyber risks.  However, as coverage can vary significantly from carrier to carrier, it’s extremely important that your company understands the coverage provided within your policy.

Note that just because a policy is sold as a cyber insurance policy, the insurance company will not automatically agree to cover or defend against potential liabilities for cyber risks.  Cyber policies are often sold with carious coverage modules, provisions and insuring agreements, allowing for companies to pick the specific coverages they want to purchase.  Because of the variety of options offered in the marketplace and the potential to select specific risk protections, a careful review of the policy form before a claim raises is critical.

A key component to reviewing a cyber liability policy is determining if there is proper coverage for first-part risks and third-part risks.

First-party Risks

First-party risks include the following types of claims:

  • Physical damage to, loss of or loss of use of data and software only – whether caused by third party, contractor, employee/former employee, or state actor.
  • Corrupted, lost, stolen or ransomed data resulting from data theft, data breach or virus.
  • Loss of use of data as a result of software failure, network interruption or denial-of-service attack.
  • An inability to conduct business because of loss of software, data or network access.

Third-party Risks

Third-party risks include the following types of claims:

  • Investigation, mitigation and remediation costs relating to a data breach, which include costs incurred before a suit or claim.
  • Costs for complying with various laws and regulations after a data breach.
  • Putative class-action lawsuits alleging disclosure of personally identifiable information.
  • Business partners alleging breach of contract, negligence or other causes of action.
  • Professional negligence due to a cyber event.

One of the other important things to consider is how your policy will respond prior to a claim.  Having coverage for costs incurred immediately after the discovery of a data breach — including investigation and notification costs.

Lastly, businesses should consider protection for data loss or corruption; the inability to access data; and the inability to conduct business due to inaccessibility of the various cloud-computing platforms on with the entity relies or provides to clients.

Also, we recommend working closely with your insurance agent to ensure your cyber policy addresses the exposures your company faces.