Cyber Bulletin

You’ve likely heard of these terms, or a variation on them: Cyber Liability, Network and Information Security Liability, Communications and Media Liability, Privacy Liability and Expense coverage - these are examples of some increasingly popular generic terms that relate to new insurance coverages that have emerged to address new exposures. I shouldn’t say new, as we have been providing forms of this coverage, and the first ones were actually called Computer Services E&O, since the early 1990’s.

The traditional array of insurance policy offerings that we are all used to buying haven’t changed to meet the digital and communication exposures that exist in the way we do business today. These policies have emerged as a separate line of insurance.

There are 24 carriers that we’ve identified as offering some form of this coverage today. The breadth of coverage provided by these various carrier product offerings is highly disparate. We have analyzed these policies with the intent of determining the scope of what is available. We thought that it may be helpful to know what is generally available, and what coverages may be relevant to your organization. What’s outlined below is a summary of the eight coverage parts offered by the marketplace; all or a combination of these coverage parts can generally be included in one combined policy.

1. Network/Information Technology Security Coverage – do you keep or store data for others?

• Inability of a third party to gain access to any computer, online service or electronic data or system through the use of company technology – denial of service.
• Security failure or mistake resulting in unauthorized access to, use of, or tampering with data.
• Breaches by third parties as well as rogue employees.
• Coverage for claims which arise out of the introduction of malicious code.
• Your failure to prevent such things as transmission of malicious code.
• Causes of loss could be outside parties, rogue employees or former employees, or other circumstances.
• Coverage can be included for defense expense related to governmental agencies, meaning inquiries and hearings with regulatory bodies.

2. Web-Media Communications Coverage – do you have a web presence?

• Personal and advertising injury coverage for your website or other digital presence, including the gathering, publication or dissemination of content. This is what we’ve traditionally called media or publishers liability coverage.
• Theft or misuse of intellectual property, including infringement of copyright or trademark, and misappropriation claims.

3. Privacy Coverage – do you store PII – personally identifiable information?

• Claims alleging unauthorized acquisition, access, use, physical taking, mysterious disappearance, release, distribution or disclosures of personal and corporate information. These losses can be digital or physical in nature.
• In addition to the costs and legal expense of a lawsuit, underwriters may extend the policy to cover civil fines and penalties, and consumer redress.
• Coverage may also extend for claims regarding failure to provide notification required by any Security Breach Notification Law.
• Coverage may include violation of federal, state or local privacy laws including the Gramm-Leach-Bliley Act and HIPAA.

4. Privacy Breach Containment Coverage – for the immediate costs of data breach.

• This insurance recognizes that you may not get sued over a data breach; but, you will almost certainly have direct expenses that you incur. Forty eight states and the federal government have consumer notification requirements in the event of a data breach.
• Costs of notification.
• Crisis management expenses.
• Credit monitoring costs.
• Costs to investigate the existence of a breach.
• Coverage can be extended to include employee records.
• Business interruption can be added.

5. Technology Extortion Coverage

• Extortion payments to a third party related to a technology threat. This is similar to the familiar kidnap / ransom coverage, but with this coverage, the criminal calls you threatening a breach and wanting to be paid off to not go through with it.
• Expenses to investigate the cause of the extortion.
• Expenses that you incur to pay the extortion, including travel expenses and the cost of a third party to make a payment.
• Coverage can include reward paid to a third party leading to an arrest.

6. Data Restoration Loss Coverage

• Costs to restore, recover or replicate data that is damaged by a technology breach.
• Costs to recollect unrecoverable data.
• Cost to determine the ability to recollect data.
• Coverage can extend to include e-business interruption.

7. Crime coverage for computer fraud and funds transfer fraud

• Protection for fraudulent computer transfer of money or securities.

8. Miscellaneous professional services

• Liability coverage for alleged financial loss due to the providing or not providing your particular professional services. This is a traditional E&O or professional liability coverage, and the policy should broadly define and cover your professional services.

Insurance is great, as when a company suffers what could be a financial disaster, it is important to have a pile of money from an insurance company. However, insurance is oftentimes not the most elegant form of risk transfer. It is always best to first consider these exposures, and then think thru what else we can do with them, and how to avoid or mitigate them. We encourage you to develop a data breach and redundant technology plan, and with our associates we can help you with that. This way, the exposure is reduced and better controlled, and the insurance is less expensive. Applications for this insurance coverage will ask about what plan you may have in place.