Cyber Insurance: It’s Not Just for Data Breaches

Several years ago, a series of massive and highly publicized retail data breaches took the issue of cyber security out of IT circles and inserted it into the mainstream news, cocktail party banter, and corporate board agendas. Those breaches also served to introduce the concept of cyber insurance to a much wider audience.

Interest in and uptake of cyber insurance began to grow, largely driven by the breach response services (including incident response, forensic investigation, notification and credit monitoring costs) and class action lawsuit defense coverage available under those policies.

Although cyber policies still provide tremendously valuable coverage for breach events, they’ve come a long way since then. Recent iterations of cyber policies go far beyond data breach coverage and offer protection against a wide range of the most vexing cyber threats affecting companies in every business sector.

Additional Coverages

Some of the key cyber exposures for which coverage may be available are:

  • Cyber Extortion 

Coverage is generally available for ransomware payments, as well as for other types of cyber extortion, such as threats to publicly disclose protected information or to interrupt computer systems. Some insurers also will assist with obtaining digital currency to pay ransom demands.

  • Social Engineering

Some insurers offer coverage under cyber policies that expressly applies to social engineering attacks that result in the transfer of company funds to unintended third parties.

  • Coverage for Senior Executive Losses

At least one insurer provides coverage for identity theft and theft of funds from personal bank accounts of executive officers resulting from a third-party breach of the company’s network security.

  • Corporate Identity Theft

Coverage may be available for losses incurred as a result of fraudulent use of the company’s electronic identity, including the establishment of credit in the company’s name, electronic signing of the contract, and the creation of a website designed to impersonate the company.

New Call-to-action

  • Contingent Business Interruption

Some insurers offer coverage for loss of business income, forensic expenses, and extra expenses sustained as a result of the interruption of the insured’s business operations caused by an unintentional and unplanned interruption of computer systems operated by a third party business that provides necessary products or services to the insured pursuant to a written contract. This coverage can be especially valuable for companies operating in today’s digital and interconnected economy.

  • Telephone Hacking

Companies may be able to obtain coverage for losses resulting from the hacking of their telephone system, including reimbursement of costs for unauthorized calls and use of the company’s bandwidth.

  • Management Liability 

Coverage may be available for senior executive officers if they are sued in connection with a covered cyber event.

A Word of Caution 

The coverages described above may not be available from all insurers, and not all insureds will qualify for all types of coverage. In addition, some coverages may be subject to sub-limits and important conditions, such as requiring the insurance company’s consent before incurring any expenses.

Concluding Thoughts 

Cyber insurance isn’t just for companies with large amounts of credit card data. Coverage is constantly evolving to address emerging cyber risks from which no company is immune. Companies should carefully consider how a well designed cyber insurance policy can protect them from the expense and disruption of today’s pervasive cyber threats.


Arrange a Conversation 


Article by channel:

Read more articles tagged: Featured, Hacking, Ransomware, Social Engineering