Cyber & Privacy Liability

  1.   Product & Services / Management Liability Insurance / Cyber & Privacy Liability

Cyber Liability Insurance provides a combination of coverage options to help protect your business. It's not a question of if your organization will suffer a breach, but when!

The cost of dealing with a data breach goes beyond repairing databases, strengthening security procedures or replacing lost laptops. Regulations requiring notifications of affected customers also drive costs for companies in which a data breach compromises personal or confidential data. Traditional business insurance may not be enough to protect companies from cyber-crime. But just how does cyber insurance work?

Typically, there are a number of different coverages available. The following are some explanations of typical elements of a cyber insurance policy.

First-Party Coverage

Cyberspace and electronic activity exposes businesses to a number of first-party property loss exposures, which include the following.

  • Business interruption Business interruption losses result when a breach of or malfunction of a business's computer systems causes a loss of income to the firm. For example, a business interruption loss occurs when an online retailer suffers a loss of revenue during the time in which its website cannot process orders because all of the data within it has been corrupted by a virus

  • Dependent business interruption A dependent business interruption loss, as defined by those insurers whom offer this coverage within their cyber and privacy forms, typically results from the failure of service providers' computer systems (rather than the insured's systems). This failure, in turn, leads to an interruption in the insured's business and a subsequent loss of revenue. Dependent business interruption covergae usually applies to technology service providers

  • Extra expense An extra expense loss occurs when extraordinary costs must be incurred to minimize the time during which a business' electronic network is rendered inoperative.

  • Data asset loss Just as the implanting of a virus can shut down a company's operating system, so too can the virus destroy valuable data assets. For example, a virus may corrupt and make a company's customer lists unreadable and inaccessible. Similarly, it could destroy a company's proprietary software programs.

  • Cyber extortion Cyber extortion occurs when a criminal threatens to damage or shut down a company's electronic systems unless the company pays the criminal a specific ransom amount. In addition, criminals could threaten to expose electronic data or information belonging to a victim if the target does not pay the ransom demanded.

  • Computer fraud (or "computer crime") In a computer fraud situation, after gaining access to a company's network, the criminal uses such access to obtain valuable data or information. This is frequently in contrast to a cyber extortion scenario, in which the actual data or information is not compromised if the company gives in to the criminal's demands. In the extortion scenario, it would be “bad for business” if hackers were to develop a reputation of refusing to relinquish control of sensitive information even after a company paid up. Due to this, companies that have been breached and extorted have generally found that hackers follow through on their word upon receiving payment.

  • Funds transfer fraud Funds transfer fraud occurs when a cybercriminal access a computer network and then uses such access to fraudulently transfer monies from one account to another.

  • Miscellaneous crime losses A number of crime loss types that don't fit neatly into any of the above categories..

    • Spamming
    • Illegal system uses by employees
    • Sabotage by employees
    • Intercepting e-mail Internet messages of a proprietary nature.
    • Defacing Web pages
    • Posting source codes

Third-Party Coverage

There are four broad categories of third-party liability exposures to which businesses are subject when they engage in cyberspace and electronically driven activities.

  • Information security liability Information security liability refers to the liabilities that result from sensitive information being exposed after (or during) breaches of an electronic network.

  • Privacy liability Privacy liability, defined above, is closely tied in with PII. PII is information that can be used to uniquely identify, contact, or locate a single person or can be used in conjunction other sources to uniquely identify a single individual.

  • Content liability Liability in conjunction with material published on its website.

    • Personal injury, such as defamation, libel, slander, trade libel, infliction of emotional distress, and invasion of privacy, including an invasion or interference with an individual's right of publicity
    • Commercial/intellectual property violations, including plagiarism; piracy; misappropriation of ideas under implied contract; copyright infringement; and infringement of domain name, trademark, trade name, trade dress, logo, title, meta-tag, slogan, service mark, or service name. Other improper Web-based activities, including improper deep linking or framing within electronic content
    • Social media liability resulting from activities engaged in on sites such as Facebook, LinkedIn, Twitter, Snapchat, and others

  • Bodily injury and property damage liability Coverage for cyber-related bodily injury (BI) and property damage (PD) liability is necessary because cyber and privacy insurance policies universally exclude coverage for direct bodily injury and property damage liability caused by cyber intrusions.