Cyber Insurance Options

2/4/25

Kyle Langan

Cyber insurance purchasers should look for insurers offering to “pay on behalf of the insured.” This preferred contract language can be a challenge to find, but it is available.

Example: We shall pay on behalf of the Insured, all Claim Expenses and Damages resulting from a Claim first made against any Insured during the Policy Period or, if exercised, during the Extended Reporting Period, first discovered during the Policy Period.

First Party Risk Considerations*

How should a company strategize for the following?

  • Cyber Incident Response
  • Business Interruption Loss and Extra Expenses incurred during restoration from a Cyber Incident
  • Digital Data Recovery Costs incurred, resulting from a Cyber Incident
  • Network Extortion Expenses incurred in response to a Cyber Incident

Third Party Risk Considerations***

  • Third party perils can arise from cyber, privacy, and network security liability. Properly written insurance through a company like Chubb can pay Damages and Claims Expenses by reason of a Claim made against an Insured during the Policy Period for a Cyber Incident which first occurs on or after the Retroactive Date and prior to the end of the Policy Period.
  • Perils can arise from Electronic, Social, Printed Media Liability. The right insurance can also indemnify for Media Incidents.

*First-party insurance is insurance that applies to the insured’s own potential loss. [1]

***Third-party risk is the risk of losses to third parties, usually insured under casualty or liability insurance. [2]

How insurance can respond

Coverage is afforded pursuant to the insuring agreements included in a policy, which vary from paper to paper. Insurance purchasers should look for the coverage triggers listed below:

Information privacy

Information privacy liability: claim expenses and damages resulting from an information privacy wrongful act loss.

Regulatory liability: claim expenses, damages, including GDPR penalties, regulatory penalties, and regulatory assessments and expenses resulting from a regulatory claim, information privacy wrongful act.

Event response and management: technical response loss, legal services loss, public relations loss, notification loss, reward expense loss, and credit monitoring loss

PCI-DSS liability: PCI-DSS penalties, PCI-DSS response expenses, and claim expenses resulting from a PCI-DSS claim

Network security

Network security liability: expenses and damages resulting from a claim for a network security wrongful act.

Event response and recovery: technical response loss, public relations loss, data recovery loss, reward expense loss, and system restoration loss incurred.

Business interruption

Direct business interruption: business interruption loss, extra expense, reward expense loss, and public relations loss incurred by the insured organization as a direct result of a system disruption

Contingent business interruption: we shall pay the insured organization for contingent business interruption loss, extra expense, reward expense loss, and public relations loss

Cyber extortion: Extortion loss, reward expense loss, and public relations loss incurred by the insured organization as a direct result of an extortion threat

Financial fraud

Social engineering: Fraudulent inducement loss and reward expense loss

Computer fraud: Computer crimes loss and reward expense loss incurred

References

[1]: IRMI Insurance Definitions. first-party insurance. IRMI. <https://www.irmi.com/term/insurance-definitions/first-party-insurance>

[2]: IRMI Insurance Definitions. third-party risk. IRMI. <https://www.irmi.com/term/insurance-definitions/third-party-risk>