The Cyber Liability Policy

The Cyber Liability Policy explained. There are many different ways in which a business can fall victim to Cyber Crime and many people are surprised to find out that some of them have absolutely nothing to do with electronic devices. So it's very important to know what you're getting when purchasing a Cyber Liability policy. If you choose the right agency and broker they should make sure to tailor the policy to your needs.



If the policy doesn't cover theft by non-electronic devices and somebody looks through your businesses trash and finds some documents that were supposed to be shredded and they gain access to a client's account. Through these means, your policy will ultimately send you a declination letter explaining why they won't pay your claim. This is what you want to avoid. There are many other First Party and Third Party exposes.

The Main Coverage found in the Cyber Liability Policy

Privacy protection: Covers costs to defend and resolve claims with regard to the handling of personally identifiable or confidential corporate information. Covers negligence, violation of privacy or consumer protection law, breach of contract and regulatory investigations. Covers issues resulting from the  failure of network security, including the negligent  transmission of a virus and the inadvertent  participation in a  DDOS attack against a third party


Breach costs: Coverage for costs associated with responding to a  breach, such as forensic costs to confirm and identify the breach, costs to notify affected individuals, credit protection services including costs to staff a call center for the redemption of monitoring offers, and crisis management and  public relations costs.

Cyber business interruption: Covers financial loss, such as business income when a company has its network-dependent revenue interrupted. Traditionally, this has been for fire, flood, etc. but technology growth has created new BI perils (viruses, tech failures, programming errors and computer hacking).

Hacker damage: Covers costs to recreate or repair damaged or destroyed data, systems or programs. In a digital world, property is no longer exclusively tangible, so  specialized coverage is needed to pay for intangible  data recovery costs.

Cyber extortion: Covers the response costs and financial  payments associated with network-based  ransom demands. With the proliferation of ransomware such as Cryptolocker and  anonymous currencies such as Bitcoin, network  extortion demands are on the rise. In the digital  world, intangible assets are ‘kidnapped’ and  extorted with threats to shut down a system or  divulge sensitive or proprietary information

Multimedia liability: Costs to defend and resolve claims related to online content, such as defamation or trademark or copyright infringement.

For more information on how we can help tailor your policy with Cyber Endorsements like Social Engineering and more contact us.

First Party Exposures

Include any expenses resulting from a breach but not requiring a lawsuit: 

• Computer forensics expenses (to identify the size and scope of a breach or loss of information) – costs can vary greatly depending on breach size/complexity
• Notification of affected individuals - rates can vary, but many carriers have negotiated rates that range from $1.25 to $5/head
• Credit monitoring after loss of social security numbers - widely available on the open market at upwards of $20/year, but many carriers have negotiated rates in the $9-$13/head/year range
• Regulatory fines and penalties - HIPAA – enforced by Health and Human Services and the Office of Civil Rights - Fines/Penalties vs. Compensatory Awards
• Public relations expenses
• Ransomware payments for cyber-extortions

Third Party Exposures
Include any expenses triggered after a lawsuit is filed by a third party: 

• Class-action lawsuits
• Payment card reissue expenses
• Payment card fraud expenses
• PCI Fines/Penalties
• Identity theft lawsuits
• Loss of third party intellectual property or confidential corporate information lawsuits
• Network disruption suits
• Bodily injury arising from lost data
• Mental distress due to exposure of privacy information
• Negligent transmission of a computer virus/worm or malicious code