Cybersecurity Insurance – Part 6: Types of Coverage

November 2, 2015

Data privacyAt this point, virtually all of the major insurers offer cybersecurity insurance including, among others, Marsh McLennan, Allianze, AIG, Apogee Insurance Group, AXA, Howden Broking Group, and Chubb. Cybersecurity insurance can come in many forms. The various types of coverage offered under cybersecurity insurance policies include coverage for:

  • Data breach/privacy crisis management: expenses related to the management of a cybersecurity incident, including the investigation, remediation, data subject notification, call management, credit checking for data subjects, legal costs, court attendance and regulatory fines.
  • Business/Network Interruption: loss of net profit that was caused by a material interruption to the insured’s network, due to a cyber-attack or a network security breach.
  • Multimedia/Media liability: third-party damages which can include defacement of a website, infringement of intellectual property rights or negligence relating to electronic content.
  • Extortion liability: losses due to a threat of extortion and professional fees related to terminating an external threat.
  • Network security liability:  third-party damages resulting from denial of access to a system, costs related to data stored with third-party suppliers and costs related to the theft of data on third-party systems.
  • Reputational Injury: third-party damages from disparagement or privacy violations caused by breach of the insured’s system.
  • Conduit Injury: damages to customers’ systems affected by breach of the insured’s system.
  • Disclosure Injury: damages to individuals caused by the unauthorized access of their private information held on the insured’s system.

Most major insurers even offer special cybersecurity products to cater to a company’s specific cybersecurity needs. For example, AIG offers cybersecurity insurance through a product called Cyber Edge. Cyber Edge offers coverage for data liability, which includes personal data, corporate data, outsourcing and network security with optional coverage for Business/Network Interruption, Multimedia Liability, and Cyber/Privacy Extortion. The product additionally offers crisis management for a data breach, including public relations advice, and has a response team available 24/7 in the event of a cybersecurity breach. Following the occurrence of a security breach or data leak, Cyber Edge will provide data restoration, recollection and recreation services.

Conclusion

Obtaining cybersecurity insurance coverage is an important part of a company’s overall cybersecurity plan and companies should consult with legal counsel to most effectively meet their overall goals. While cybersecurity policies currently available may be expensive and limited to some degree, numerous coverage options remain accessible. In obtaining a suitable cybersecurity insurance policy, it is important for a company to understand many important factors including the language of their current policies, the current state of the market, relevant risks which need to be insured, and the types of coverage available.

An experienced attorney in the cybersecurity field can help guide a global company in navigating the broad options for cybersecurity policies available and obtain a policy that addresses the company’s risks and needs.