What Risks are Generally Covered Under Cyber Insurance Policies?

When an organization becomes a victim of a cybersecurity incident, having cybersecurity insurance can help with some of the costs that are associated with recovering from the breach.

Before we jump to a summary of some of the risks that cyber insurance policies may cover, we strongly recommend that you engage with cyber insurance experts. Just like the cybersecurity threat landscape is continuously changing so is the cyber insurance landscape and it is a complex environment to navigate. Consulting with experienced and knowledgeable cyber insurance brokers and insurers is key to having a policy in place that meets the requirements of the organization.

Cyber Insurance Coverage

There are generally two types of coverage in cyber insurance policies. First-Party and Third-Party coverage.

First-Party Coverage

Includes direct loss and out of pocket expenses that are incurred by an organization from a cybersecurity incident. Here are some examples.

  • Business Income/Extra Expenses – this generally refers to the suspension or interruption of business due to a network security breach and may also include system failure if that coverage is specified. Examples of the costs that may be covered:
    • Loss of income
    • Costs in excess of normal operating expenses to restore the systems
    • Dependent business interruption
    • Forensic costs
  • Data Asset Protection – these are the costs to restore, recreate or recollect the data and other intangible assets that are corrupted or destroyed. Costs associated with:
    • The restoration of corrupted data
    • The vendor costs to recreate the lost data
  • Event Management – this encompasses costs resulting from a network security or privacy breach and include:
    • Forensic costs
    • Notification costs
    • Credit Monitoring costs
    • Call centre costs
    • Public Relations costs
  • Cyber Extortion – this refers to the costs that may be associated with a ransomware attack where the cybercriminals hold your data, confidential information and other assets until ransoms are paid. Examples of costs that are covered are:
    • Forensic expenses
    • Costs associated with investigation of the incident
    • Negotiations and payments of ransoms

Third-Party Coverage

This coverage includes expenses and legal fees related to the potential damage caused by an incident to third parties, such as partners, customers, or even employees when sensitive information has been compromised. Examples of third-party coverage are:

  • Privacy Liability – refers to the theft of non-public personal information in electronic and hard-copy form and liability involving the failure to comply with privacy laws, or those regulations that govern the control, collection, access, transmission, use and accuracy of that information. Some of the costs associated with this coverage are:
    • Costs of liability and legal defence
    • Costs related to third-party trade secrets liability
    • Notification of incident
    • Costs of investigation of the incident
    • Costs associated with public relations
  • Network Security Liability – this coverage relates to the failure of system security to prevent or mitigate a cyber attack. Costs included within this coverage are:
    • Liability and defence
    • Legal action by banks
    • Legal action by consumers
  • Privacy Regulatory Defence Costs – these are privacy breach and related fines and penalties that are assessed by regulators and include:
    • Costs related to the investigation by a Regulator
    • Liability and defence costs
    • Fines and penalties from industry or government regulators
    • Costs associated with preparing to testify before regulators
    • Legal action by banks or consumers

Common Limitations and Exclusions

Here are some common exclusions that are typical in cyber insurance policies.

  • Deliberate, willful, malicious, fraudulent, or dishonest acts by any employee, director or officer
  • Third Party Bodily Injury and Property Damage
  • Misappropriation of Intellectual Property
  • Upgrades, redesigns or reconfigurations of the Insured’s computer systems or data to a condition beyond the state prior to Loss (improvements and betterments)
  • Partial or total system failures from wear and tear, drop in performance or aging of electronic equipment and property
  • Fines, penalties and punitive damages unless specifically covered in policy
  • Scheduled downtime, planned outages or idle periods
  • Any failure or interruption to a Third Party infrastructure of service provider, including telecommunications, internet service, electricity and so forth
  • War and Terrorism

As we mentioned above, as the cybersecurity threat landscape changes, so will the cybersecurity measures cyber insurance providers will require. Again, we strongly advise working with a cyber insurance expert to understand the requirements in order to prepare for requesting or renewing your organization’s cyber insurance policy.

MicroAge works with businesses to develop a solid cybersecurity strategy and put in place cybersecurity measures that can help with obtaining or renewing the appropriate cyber insurance coverage for their organization. Contact us today to see how we can help you.

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

Cybersecurity strategies banner, stratégie cybersécurité

Top 5 Cybersecurity Strategies for Your Business

Whether it’s our personal identity, our banking, or possessions in our home, security is a topic we all think about every day. But are you…

Read More
Managed Services Gérés

How Managed Services Can Help Your Business During COVID-19

Businesses across the globe are heavily reliant on technology to maximize their efficiency. This has become more evident during this COVID-19 pandemic. The dependence on…

Read More
IT Investments

Planning Your IT Budget and Investments for 2022

With 2022 just around the corner many organizations are planning and budgeting for the year ahead. IT should be part of that discussion. We would…

Read More

What are the consequences of an IT shortage?

The impact of labour shortages is growing in almost all business sectors, including, unfortunately the IT department. This reality is especially true with the advent…

Read More
Security requirements Canada

5 Minimum Security Requirements Canadian Businesses Need for 2020

The Canadian Center for Cyber Security recently issued a whitepaper talking about the many steps small businesses need to take to ensure their businesses are…

Read More