Cyber Risk Insurance: What is it? Part I
So, what’s the big deal, aren’t the risks of the cyber world covered by a business insurance policy? The answer is a ‘maybe’ but if so, then not adequately. For instance, some business property insurance programs provide limited coverage for Electronic Vandalism (generally a malware event or hacking incident). Electronic Vandalism coverage may apply to data restoration expenses and/or a related business interruption (extra operating expenses or business income loss); coverage is typically capped at a low limit from $10,000 to $100,000 depending on the insurer and their specific policy form.
Another policy offering some protection is crime insurance. Crime insurance may provide cyber risk coverage through several independent and mutually exclusive policy sections such as Employee Dishonesty; Computer Fraud; Funds Transfer Fraud and Social Engineering. The latter coverage, Social Engineering, is essentially a scheme of deception and trickery; insurance is typically offered as a sub-limit and may require an additional underwriting application.
While most businesses have property insurance fewer buy crime insurance. In any case, it makes sense for businesses to verify the extent of cyber risk protection provided by their current insurance program.
In addition to the coverage above, businesses with Professional Liability and Errors & Omissions (E&O) Insurance may have some 3rd Party Liability Coverage for professional services ‘wrongful acts’ (generally a mistake but each insurance policy defines wrongful acts differently) that cause a malware event or data breach. Let’s be clear that the act must be directly connected to providing professional services as defined by the insurance policy and any coverage would be limited to 3rd Party Liability as opposed to 1st party data breach expenses** (discussed below). Due to the availability of specific Data Breach, Privacy and Network Security Liability Insurance many Professional Liability and E&O Insurance policies are being renewed with Cyber Risk insurance exclusions and or coverage sub limits which makes specific liability insurance coverage for Cyber Risk a necessity. Once again, an insurance policy review to determine the extent of coverage, if any, for Cyber Risks is prudent.
Finally, the insurance coverage that is being discussed frequently; some call it Cyber Risk Insurance and others name it for the primary perils that it intends to insure Data Breach, Privacy and Network Security Liability Insurance. For discussion and simplicity (it is not a simple coverage and thus best suited to a detailed consultation) the coverage can be divided into 2 broad coverage sections: 3rd Party Privacy and Network Security Liability Coverage and 1st Party Data Breach Response Expenses. The coverage layout generally follows the pattern below:
3rd Party Insurance Coverage Sections
- Privacy and Network Security Liability
- Communications and Media Liability
- Regulatory Defense Expenses
1st Party Insurance Coverage Sections**
- Data/Security Breach Remediation, Response and Notification Expenses
- Crisis Management Expenses
- Business Interruption – Income Loss and or Extra Expenses
- Extortion / Ransomware Expenses
- Data Restoration Expenses
- Crime Coverage
- Computer Fraud
- Funds Transfer Fraud
- Social Engineering Fraud
As a supplement to the insurance coverage provided by Data Breach, Privacy and Network Security Liability policies many insurers offer limited pre-breach services, training and documents all of which should be coordinated with existing service providers from technology, to HR, to legal.
James J Venezia, CPCU
Jim is an insurance and risk management professional with Phoenix Insurance Group of Chester, NJ. He develops insurance programs which help innovators, entrepreneurs, executive teams and successful professionals manage risk through commercial, professional and cyber risk insurance products. Jim has passion for collaborating with visionary leaders and passionate individuals in all walks of life.
Jim is a Graduate of Villanova University and a Chartered Property Casualty Underwriter (CPCU).
For a consultation contact him by phone at 908-507-7126 or email firstname.lastname@example.org