A Cyber Liability Insurance policy provides coverage in a modular format and consists of third party and first party sections. Insurers generally follow the same policy format, coverage does however vary greatly from insurer to insurer and it is important that you obtain the coverage relevant to your businesses cyber risk exposures . Insurers to do not yet utilize same cyber terminology and this makes it a challenge to compare policy wordings.
A typical cyber liability insurance policy will offer the following coverage modules :-
1. Third Party Section
Network Security Liability
Liability to a third party as a result of the destruction of a third party’s electronic data. This also encompasses an inadvertent transmission of a computer virus to a third party.
Data Privacy Liability
The liability to a third party which may cause unauthorized disclosure of personally identifiable information or corporate information.
Your liability arising from content on your website as a result of a defamatory comment, infringement of copyright or invasion of privacy.
2. First Party Section
Network Business Interruption
This represents coverage for the interruption or suspension of your computer systems as a result of a network security breach or network failure , the later of which may not be automatically included. Insurers will reimburse a businesses and any expenses incurred in order to mitigate this.
Data Asset Protection
This provides coverage arising out of the corruption or destruction of your computer systems. The loss covered is the replacement and restoration costs.
A threat to the computer network where a ransom has been demanded, this will include negotiation costs.
Costs associated with responding to a data breach including forensic costs, credit monitoring, call center costs and public relations costs.
In addition to this , it is important that the insurer is able to provide “vendors” who will manage a data breach , this should as a minimum include a firm of solicitors , a forensic investigation company and a crisis response team.
The policy will be on an “aggregate” policy basis, i.e. the total number of claims made in any one policy year.
A self – insured excess will be imposed by insurers which is the first party of any claim that you will need to pay.
The business interruption module will also be subject to a separate excess which is normally an hourly figure. This section will be subject to an indemnity period , which is the period that the policy will provide coverage for this module.
A good insurance broker who has expertise in the placement of a cyber liability insurance policy should be contacted so that you can obtain the appropriate advice and guidance on policy purchase.