cyber security Insurance
Purpose of Cyber Coverage
Cyber-attacks have increased 300% since the beginning of the COVID pandemic.
Data breach, ransom demands, social engineering and funds transfer fraud… the list goes on and on.
Cyber Insurance not only protects your systems and resources, but also insures the confidential information of those you service.
Your IT or Managed Services provider’s insurance does not cover you in the event of a Cyber attack. Cyber Insurance policies provide both 1st party as well as liability benefits for various forms of Cyber Security threats that may impact your business.
In addition, most Insurance plans provide access to complementary risk management and prevention tools that complement your current IT practices- Employee Training, etc. features news, content and services from leading practitioners in risk management, computer forensics, forensic accounting, crisis communications, legal counsel, and other highly-specialized segments of cyber risk.
What is Social Engineering?
Means intentionally misleading an Insured Person, by providing an instruction that: 1. is not made by an Insured; 2. is purportedly from a Vendor, Client, or Insured Person; 3. directs the Insured Person to transfer, pay, or deliver Money or Securities; 4. contains a misrepresentation of material fact; and 5. is relied upon by the Insured Person, believing the material fact to be true.
What is Retention?
The amount of loss you are willing to pay out of pocket before the insurance company pays. A deductible per claim.
What does a Cyber Policy Cover?
Protecting You
Cyber Breaches
What is a Privacy Breach?
Information Security Breach means actual or alleged unauthorized access to or unauthorized use, theft, loss, acquisition, or accidental release or publication of Confidential Business Information or Personal Information owned, licensed, maintained or stored by You or maintained or stored by a third party under written contract or written agreement with You.
Computer And Legal Expert Costs
Cyber Breach Expense
Cyber Breach Expense means reasonable and necessary fees, costs or expense: A. to conduct an investigation and forensic analysis to assess the nature and extent of the Information Security Breach, however, forensic analysis expenses do not include the cost of restoration, or correction of deficiencies, of Your Computer System; B. to retain outside legal counsel, approved by Us, to provide and/or review recommendations as to how You should respond to an Information Security Breach following the discovery and reporting of the Information Security Breach, including final legal review of the proposed breach notification letter(s); however, any legal expenses incurred by You do not include expenses for legal counsel to review any third party liability litigation or notification of potential litigation; C. to notify the individuals whose Personal Information was subject to an Information Security Breach, including, but not limited to, the cost of mailing, printing, and other communications; D. to establish a call center or a website to be made available to individuals whose Personal Information was subject to an Information Security Breach; E. for credit or identity monitoring or identity theft education assistance for individuals whose Personal Information was subject to an Information Security Breach, for up to two (2) years or as required by the applicable jurisdiction;
Privacy Breach Notification Costs
Means reasonable costs or fees incurred or paid by an Insured Entity, voluntarily or as required by agreement or law, for: 1. printing and delivering notice to; 2. providing credit or identity monitoring for up to 24 months, or longer where required by law, to; 3. call center services for; 4. the costs to purchase an identity fraud insurance policy to benefit natural persons who are; or 5. with the Insurer’s prior written consent, other services to mitigate Loss or provide notice to, Impacted Parties, if recommended and provided by an Approved Provider.
First Party Loss. 1. Means: a. Betterment Costs; b. Business Interruption Loss; c. Computer And Legal Expert Costs; d. Cyber Extortion Costs; e. Money; f. Other Property; g. Privacy Breach Notification Costs; h. Public Relations Costs; i. Reputation Harm; j. Restoration Costs; k. Securities; or l. Telecom Charges.
First Party Coverage – Breach Response Costs 1. Security Breach Notification and Remediation We will reimburse, or pay on Your behalf, Cyber Breach Expense to which this insurance applies directly resulting from an actual, or reasonably suspected Information Security Breach or Malicious Attack that first occurs during the Policy Period , and an Authorized Person first discovers during the Policy Period and first reports to Us during the Policy Period, or within ninety (90) days after the end of the Policy Period. 2. Systems Restoration Expense We will reimburse, or pay on Your behalf, Your Systems Restoration Expense directly resulting from a Malicious Attack that first occurs during the Policy Period, and an Authorized Person first discovers during the Policy Period, and first reports to Us during the Policy Period, or within ninety (90) days after the end of the Policy Period. 3. Cyber Extortion We will reimburse, or pay on Your behalf, Your Cyber Extortion Expense directly resulting from a Malicious Attack that first occurs during the Policy Period, and an Authorized Person first discovers during the Policy Period, or within ninety (90) days after the end of the Policy Period. 4. Public Relations We will reimburse, or pay on Your behalf, Your Public Relations Service Expense that arises out of an actual or alleged Wrongful Act committed on or after the applicable retroactive date shown on the Declarations and before the end of the Policy Period, but only if the Wrongful Act is first discovered by the Authorized Person during the Policy Period, and first reports to Us during the Policy Period or within ninety (90) days after the end of the Policy Period. We will also reimburse, or pay on Your behalf, Your Public Relations Service Expense incurred during the Business Income Period of Restoration and during the Contingent Business Income Period of Restoration that is directly resulting from a denial of service attack on Your Computer System, or on a Shared Computer System, or due to a Malicious Attack, or a Malicious Dependent Attack that occurs during the Policy Period, and an Authorized Person first discovers during the Policy Period and first reports to Us during the Policy Period, or within ninety (90) days after the end of the Policy Period. 5. Cyber Breach or Extortion Reward We will reimburse, or pay on Your behalf, Your Cyber Breach or Extortion Reward Expense directly resulting from an Information Security Breach or Cyber Extortion Threat that first occurs during the Policy Period, and an Authorized Person first discovers during the Policy Period, and first reports to Us during the Policy Period, or within ninety (90) days after the end of the Policy Period. 6. Hardware Replacement Expense We will reimburse, or pay on Your behalf, Your Hardware Replacement Expenses directly resulting from a Malicious Attack that first occurs during the Policy Period, and an Authorized Person first discovers during the Policy Period, and first reports to Us during the Policy Period or within ninety (90) days after the end of the Policy Period. 7. Payment Card Expense We will reimburse, or pay on Your behalf, Your Payment Card Expenses directly resulting from an Information Security Breach that compromises Personal Information related to a Payment Card. The Information Security Breach must directly result from an actual or alleged Privacy and Security Wrongful Act committed on or after the Privacy and Security Liability Retroactive Date shown on the Declarations, and before the end of the Policy Period, and an Authorized Person first discovers during the Policy Period, and first reports to Us during the Policy Period, or within ninety (90) days after the end of the Policy Period.
Public Relations Costs
Means reasonable costs or fees for public relations services recommended and provided by an Approved Provider to mitigate or prevent negative publicity.
Reputation Harm, directly caused by an Adverse Media Report or Notification
Means damage to the Insured Entity’s reputation incurred during the Period Of Indemnity that results in Income Loss, other than the value of: 1. coupons; 2. price discounts; 3. prizes; 4. awards; or 5. consideration given by the Insured in excess of the contracted or expected amount.
Reputational Harm Expense means: A. net profit or loss before income taxes that You would have earned or incurred during the Period of Indemnity if there had been no damage to Your reputation directly resulting from a Privacy and Security Wrongful Act; or B. net profit or loss before income taxes that would have been earned or incurred during the Period of Indemnity had there been no Malicious Attack.
Betterment Costs
Means the reasonable costs incurred and paid by the Insured, with the Insurer’s written consent, for hardware or software to improve a Computer System after a Security Breach
Costs for improvements that are subject to a license, lease, or subscription will be limited to the pro rata portion of such costs for the first 12 months.
Cyber Crime
Cyber Extortion Costs / Ransom
Means, with the Insurer’s prior written consent: a. Ransom, in direct response to a Cyber Extortion Threat; b. reasonable amounts incurred or paid by the Insured in the process of paying, or attempting to pay, Ransom; or c. reasonable amounts incurred or paid by the Insured, recommended by an Approved Provider, to mitigate Ransom.
Cyber Extortion Threat means a threat to: A. access, alter, corrupt, damage, misappropriate, destroy, delete, sell or disclose Confidential Business Information, Personal Information or software on Your Computer System; B. initiate a denial of service attack on Your Computer System; or C. transmit a virus or harmful code into Your Computer System; provided that such Cyber Extortion Threat is made for the purpose of demanding a Cyber Extortion Payment. Damages means a monetary judgment, award or settlement that You become legally obligated to pay. Damages also means punitive or exemplary Damages or the multiplied portion of multiplied awards, if insurable under law. This paragraph shall be governed by the applicable law of the most favorable jurisdiction for such Damages: A. where the Claim seeking such Damages is brought or where such Damages are awarded; B. where the Wrongful Act giving rise to the Claim occurred; C. where You, subject to such Damages, are incorporated or have Your principal place of business; or D. where We are incorporated or have Our principal place of business.
Money, Securities, or Other Property Loss
Caused by Computer Fraud or Funds Transfer Fraud or Social Engineering Fraud or Telecom Fraud
Business Loss
Business Interruption Loss
Income Loss and Extra Expense incurred or paid by the Insured Entity during the Period Of Restoration
Caused by
- Security Breach
- System Failure (if applicable).
- Due to the voluntary shutdown of a Computer System by the Insured, if it is reasonably necessary to minimize the Loss caused by a Security Breach or Privacy Breach in progress.
- IT Provider Breach
Restoration Costs
Means the reasonable amounts incurred or paid by the Insured, with the Insurer’s prior written consent: a. to restore or recover damaged or destroyed computer programs, software, or electronic data stored within a Computer System, to its condition immediately before a Security Breach; or b. to determine that such computer programs, software, or electronic data cannot reasonably be restored or recovered. 2. Does not include: a. costs to recover or replace computer programs, software, or electronic data that the Insured did not have a license to use; b. costs to design, update, or improve the operation of computer programs or software; c. costs to recreate work product, research, or analysis; or d. wages, benefits, or overhead of the Insured.
Protecting Others
Liability Coverage
Privacy and Security Liability We will pay those sums You become legally obligated to pay as Damages and Claim Expense because of a Claim made against You
Media and Content Liability We will pay those sums You become legally obligated to pay as Damages and Claim Expense because of a Claim made against You during the Policy Period or any applicable Extended Reporting Period directly resulting from an actual or alleged Media and Content Wrongful Act to which this insurance applies.
Fines, Penalties and Regulatory Defense We will pay those sums You become legally obligated to pay as Fines and Penalties and Regulatory Proceeding Claim Expense that is first made during the Policy Period or any applicable Extended Reporting Period directly resulting from a Regulatory Proceeding to which this insurance applies.
Defense Costs; b. damages, judgments, settlements, or prejudgment or postjudgment interest, that an Insured is legally obligated to pay as a result of a Claim, including: i. court awarded legal fees; and punitive or exemplary damages, or the multiple portion of a multiplied damage award, to the extent insurable under the most favorable applicable law;
Legal Expenses
investigation; b. defense; c. settlement; or d. appeal, of a Claim.
Accounting Costs
Means the reasonable fees or costs of a forensic accounting firm, incurred by the Insured Entity, to calculate Income Loss, even if such calculation shows there has been no Income Loss.
Computer And Legal Expert Costs
Means the reasonable fees or costs of a forensic accounting firm, incurred by the Insured Entity, to calculate Income Loss, even if such calculation shows there has been no Income Loss.
Means the reasonable fees or costs incurred or paid by the Insured for services recommended and provided by an Approved Provider, to: a. conduct a forensic analysis to determine the existence and cause of a Privacy Breach, Security Breach, or Cyber Extortion Threat; b. determine whose Confidential Information was lost or stolen; or accessed or disclosed without authorization; c. contain or stop a Privacy Breach or Security Breach in progress; d. certify the Computer System meets Payment Card Security Standards, if a Security Breach Discovered during the Policy Period results in noncompliance with such standards, but only for the first certification; or e. provide legal services to respond to a Privacy Breach or Security Breach.
What is not covered?
Critical Infrastructure Interruption Any liability or expense arising out of any regional, countrywide, or global failure, disruption, or reduction in the supply of any utility service or infrastructure, including but not limited to electricity, gas, water, telephone, cable, internet, satellite, or telecommunications, or any failure, outage, disruption, degradation or termination of any critical part of such service or infrastructure. This exclusion shall not apply where such service of infrastructure is under Your direct control, operation or ownership.
Employment Related Practices
Professional Services
Any liability or expense arising out of, or in any way related to any actual or alleged rendering of or the failure to render services to others. However, this exclusion will not apply to any Claim directly resulting from an otherwise covered Privacy and Security Wrongful Act.
