Cyber Insurance Options
2/4/25
Kyle Langan
Cyber insurance purchasers should look for insurers offering to “pay on behalf of the insured.” This preferred contract language can be hard to find, but it is available.
Example: We shall pay on behalf of the Insured, all Claim Expenses and Damages resulting from a Claim first made against any Insured during the Policy Period or, if exercised, during the Extended Reporting Period, first discovered during the Policy Period.
First Party Risk Considerations*
How should a company strategize for the following?
- Cyber Incident Response
- Business Interruption Loss and Extra Expenses incurred during restoration from a Cyber Incident
- Digital Data Recovery Costs incurred, resulting from a Cyber Incident
- Network Extortion Expenses incurred in response to a Cyber Incident
Third Party Risk Considerations***
- Third party perils can arise from cyber, privacy, and network security liability. Properly written insurance through a company like Chubb can pay Damages and Claims Expenses by reason of a Claim made against an Insured during the Policy Period for a Cyber Incident which first occurs on or after the Retroactive Date and prior to the end of the Policy Period.
- Perils can arise from Electronic, Social, Printed Media Liability. The right insurance can also indemnify for Media Incidents.
*First-party insurance is insurance that applies to the insured’s own potential loss. [1]
***Third-party risk is the risk of losses to third parties, usually insured under casualty or liability insurance. [2]
How insurance can respond
Coverage is afforded pursuant to the insuring agreements included in a policy, which vary from paper to paper. Insurance purchasers should look for the coverage triggers listed below:
Information privacy
Information privacy liability: claim expenses and damages resulting from an information privacy wrongful act loss.
Regulatory liability: claim expenses, damages, including GDPR penalties, regulatory penalties, and regulatory assessments and expenses resulting from a regulatory claim, information privacy wrongful act.
Event response and management: technical response loss, legal services loss, public relations loss, notification loss, reward expense loss, and credit monitoring loss
PCI-DSS liability: PCI-DSS penalties, PCI-DSS response expenses, and claim expenses resulting from a PCI-DSS claim
Network security
Network security liability: expenses and damages resulting from a claim for a network security wrongful act.
Event response and recovery: technical response loss, public relations loss, data recovery loss, reward expense loss, and system restoration loss incurred.
Business interruption
Direct business interruption: business interruption loss, extra expense, reward expense loss, and public relations loss incurred by the insured organization as a direct result of a system disruption
Contingent business interruption: we shall pay the insured organization for contingent business interruption loss, extra expense, reward expense loss, and public relations loss
Cyber extortion: Extortion loss, reward expense loss, and public relations loss incurred by the insured organization as a direct result of an extortion threat
Financial fraud
Social engineering: Fraudulent inducement loss and reward expense loss
Computer fraud: Computer crimes loss and reward expense loss incurred
References
[1]: IRMI Insurance Definitions. first-party insurance. IRMI. <https://www.irmi.com/term/insurance-definitions/first-party-insurance>
[2]: IRMI Insurance Definitions. third-party risk. IRMI. <https://www.irmi.com/term/insurance-definitions/third-party-risk>