Know Your Cyber Liability Policy
Many businesses today are increasingly exposed to a form of liability of which you may be learning about. Cyber Liability incidents are occurring almost on a daily basis and sometimes without the benefit of insurance to cover the loss and related defense expenses. To better understand Cyber Liability or Data Breach and Network Security, let’s first consider the types of information at risk:
- Credit Card Information
- Personal Financial Information
- Personal Health Information
Common causes include: negligent release of information, stolen or misplaced laptop computers, stolen or improperly handled backup computer information, improperly disposed papers, malicious software, phishing scams, cyber extortion and disgruntled employees.
General Liability and Crime insurance have limited coverage because they are concerned with damage to tangible property.
Following are important Data Breach and Network Security coverage details to discuss with your insurance broker to protect your business:
The Limit of Liability is the Aggregate Amount that will be paid by the insurance company for defense and damages. This aggregate will include the following sublimits that are part of this limit: Information Security & Privacy Limit, Regulatory Defense and Penalties, Website Media Content Liability, Business Interruption, Cyber Extortion, PCI Fines and Costs.
The Notification Limit is the amount of records that the insurance company will provide for notification, call center services and credit monitoring. This limit is separate from and in addition to the policy limit of liability aggregate. The Legal & Forensics, Crisis Management and the Foreign Notification costs are aggregate limits that are part of the Notification Limit. The record count does not have a deductible; however it does have a threshold. This threshold only pertains to the notification letter, call center and credit monitoring services. A typical threshold may be 100 records or 250 records or higher.
Information Security & Privacy Liability will pay on behalf of the insured damages and claim expenses for:
- Failure to protect private information
- Transmission of a virus from your system to another
- Failure to notify individuals of a breach
Regulatory Defense & Penalties will pay on behalf of the insured claims expenses and penalties assessed by regulatory agencies.
PCI Fines & Penalties pays for Payment Card Industry fines and costs.
Website Media Content will pay on behalf of the insured damages and claims expenses for allegations of copyright infringement and defamation arising from your website.
Cyber Extortion pays the insured for loss paid as a result of an extortion threat to protect private information.
Legal & Forensics provides the insured with a computer security expert to determine the extent and cause of a breach. It may also provide for an attorney to determine which notification laws the insured will need to comply.
Public Relations will pay for a Public Relations Consultant to help the insured introduce the breach to the public.
Fraud Resolution provides service to the affected individual in restoring their identity.
Enhanced coverages often include:
- Consequential Reputation Loss,
- Electronic Crimes,
- Fraudulent Instructions in Telecommunications,
- Telecommunications Fraud Loss, and
- Criminal Reward Fund