A Guide to Cyber Insurance Terms and Conditions

Cyber insurance terms and conditions can be overwhelming, but understanding them is crucial to protecting your business.

Policy limits, for example, determine the maximum amount your insurer will pay out in the event of a cyber breach.

When a breach occurs, having a clear incident response plan in place can significantly reduce business interruption costs.

Business interruption costs can be substantial, with some companies facing losses of up to 40% of their annual revenue.

Cyber insurance is designed to protect your company from various risks, including privacy risk, security risk, operational risk, and service risk.

The most prominent cyber risks are privacy risk, security risk, operational risk, and service risk.

There are four distinct insuring agreements that cyber insurance typically covers: network security and privacy liability, network business interruption, media liability, and errors and omissions.

Cyber insurance can cover first-party and third-party costs, including network security and privacy liability.

Here are some specific cyber risks that cyber insurance can cover:

A cyber insurance policy will also cover the aftermath and follow-up events associated with a data breach, including:

These costs can help organizations recover from a data breach and rebuild their reputation.

Network security is a crucial aspect of cyber insurance, covering your business in the event of a network security failure, which can include a data breach, malware infection, or ransomware attack.

This type of coverage is especially important for companies that handle sensitive information, as it helps protect against first-party costs, such as expenses incurred directly as a result of the cyber incident.

Some examples of first-party costs include expenses related to containing, remediating, and investigating a cyber incident, as well as covering monetary loss from brand damage and compliance violations.

Network security coverage can be tailored to include both first-party and third-party costs, with insurance providers often requiring organizations to have effective cybersecurity controls in place to qualify for coverage.

To give you a better idea of what network security coverage includes, here are some examples of first-party costs:

By understanding what network security coverage includes, you can make informed decisions about your cyber insurance policy and protect your business from the financial and reputational risks associated with cyber incidents.

Network security is a crucial aspect of protecting your business from cyber threats. A network security coverage grant is essential for most companies, especially those that handle sensitive information.

This type of coverage can include costs such as data breach response, malware removal, and ransomware recovery. First-party costs, which are expenses directly incurred by the company, are typically covered under network security policies.

Some common first-party costs include:

Network security and privacy liability coverage can also include third-party costs, such as legal fees and reputation damage. It's essential to understand the specific risks covered by your policy to ensure you're adequately protected.

Cybersecurity events can be costly, with a single event costing organizations hundreds of thousands of dollars. To mitigate these costs, businesses should prioritize effective cybersecurity controls and infrastructure.

Social engineering is a type of cyber attack that can do real damage to your cash flow. Phishing emails are a common example of social engineering, where an employee is duped into sending money from your bank accounts to a malicious hacker.

Social engineering coverage is designed to protect companies from funds transfer fraud situations. This type of coverage can be found on most modern crime insurance policies, often with higher sublimits and broader coverage than on a cyber-specific insurance policy.

To work with your broker to understand how cyber and crime insurance policies can work together on social engineering coverage, consider reading "How to Secure Optimal Coverage for Social Engineering Fraud".

Social engineering coverage can help protect against loss of transferred funds from events such as fraud and social engineering. This is just one of the many things that cyber insurance can cover, including loss of data and associated recovery, loss of revenue due to business interruptions from a cybersecurity event, and more.

Here are some examples of what cyber insurance can cover:

In addition to covering the actual cyber-event, many insurance policies also cover the aftermath and follow-up events associated with a data breach. This includes notification costs, credit monitoring, civil litigation, forensics, and brand damage.

Online Risk Solutions help businesses protect themselves from the financial and reputational fallout of a cyber incident. Cyber insurance can cover the costs of notifying individuals of a data breach, providing credit monitoring services, and complying with regulatory proceedings and fines.

The costs of a cyber incident can be devastating, including lost revenue due to business interruptions, restoring data and network equipment, and paying cyber extortion ransoms. Cyber insurance can also cover lawsuits alleging failure to protect customers' information due to theft, unauthorized access, viruses, or denial of service attacks.

System failures, social engineering, and funds transfer fraud are all types of cyber risks that can be covered by cyber insurance. Reputational harm and voluntary shutdown can also be protected against with the right insurance policy.

Here are some examples of what cyber insurance can cover:

In addition to these costs, cyber insurance can also cover the costs of credit monitoring, civil litigation, forensics, and brand damage. It's essential for businesses to check with their insurance company to ensure they have the right coverage to protect themselves from cyber-related risks.

Excluded from general insurance liability policies are cyber attacks and other digital data theft, making it essential for organizations to purchase cyber insurance separately.

Cyber insurance policies typically don't cover potential future lost profits or loss of value due to theft of intellectual property.

Excluded from cyber insurance policies are acts of war, which can be costly to cover due to the difficulty of actuarial calculations and the large volume of risks involved.

Some cyber insurance policies may not cover costs associated with building cybersecurity infrastructure before and after a breach, so it's crucial to review your policy for specific exclusions.

Not covered by cyber insurance policies are projected future revenue loss and intellectual property loss from a data breach, which should be covered under a separate tailored policy.

Here's a breakdown of what's typically not covered by cyber insurance policies: