What Risks are Generally Covered Under Cyber Insurance Policies?

When an organization becomes a victim of a cybersecurity incident, having cybersecurity insurance can help with some of the costs that are associated with recovering from the breach.

Before we jump to a summary of some of the risks that cyber insurance policies may cover, we strongly recommend that you engage with cyber insurance experts. Just like the cybersecurity threat landscape is continuously changing so is the cyber insurance landscape and it is a complex environment to navigate. Consulting with experienced and knowledgeable cyber insurance brokers and insurers is key to having a policy in place that meets the requirements of the organization.

Cyber Insurance Coverage

There are generally two types of coverage in cyber insurance policies. First-Party and Third-Party coverage.

First-Party Coverage

Includes direct loss and out of pocket expenses that are incurred by an organization from a cybersecurity incident. Here are some examples.

  • Business Income/Extra Expenses – this generally refers to the suspension or interruption of business due to a network security breach and may also include system failure if that coverage is specified. Examples of the costs that may be covered:
    • Loss of income
    • Costs in excess of normal operating expenses to restore the systems
    • Dependent business interruption
    • Forensic costs
  • Data Asset Protection – these are the costs to restore, recreate or recollect the data and other intangible assets that are corrupted or destroyed. Costs associated with:
    • The restoration of corrupted data
    • The vendor costs to recreate the lost data
  • Event Management – this encompasses costs resulting from a network security or privacy breach and include:
    • Forensic costs
    • Notification costs
    • Credit Monitoring costs
    • Call centre costs
    • Public Relations costs
  • Cyber Extortion – this refers to the costs that may be associated with a ransomware attack where the cybercriminals hold your data, confidential information and other assets until ransoms are paid. Examples of costs that are covered are:
    • Forensic expenses
    • Costs associated with investigation of the incident
    • Negotiations and payments of ransoms

Third-Party Coverage

This coverage includes expenses and legal fees related to the potential damage caused by an incident to third parties, such as partners, customers, or even employees when sensitive information has been compromised. Examples of third-party coverage are:

  • Privacy Liability – refers to the theft of non-public personal information in electronic and hard-copy form and liability involving the failure to comply with privacy laws, or those regulations that govern the control, collection, access, transmission, use and accuracy of that information. Some of the costs associated with this coverage are:
    • Costs of liability and legal defence
    • Costs related to third-party trade secrets liability
    • Notification of incident
    • Costs of investigation of the incident
    • Costs associated with public relations
  • Network Security Liability – this coverage relates to the failure of system security to prevent or mitigate a cyber attack. Costs included within this coverage are:
    • Liability and defence
    • Legal action by banks
    • Legal action by consumers
  • Privacy Regulatory Defence Costs – these are privacy breach and related fines and penalties that are assessed by regulators and include:
    • Costs related to the investigation by a Regulator
    • Liability and defence costs
    • Fines and penalties from industry or government regulators
    • Costs associated with preparing to testify before regulators
    • Legal action by banks or consumers

Common Limitations and Exclusions

Here are some common exclusions that are typical in cyber insurance policies.

  • Deliberate, willful, malicious, fraudulent, or dishonest acts by any employee, director or officer
  • Third Party Bodily Injury and Property Damage
  • Misappropriation of Intellectual Property
  • Upgrades, redesigns or reconfigurations of the Insured’s computer systems or data to a condition beyond the state prior to Loss (improvements and betterments)
  • Partial or total system failures from wear and tear, drop in performance or aging of electronic equipment and property
  • Fines, penalties and punitive damages unless specifically covered in policy
  • Scheduled downtime, planned outages or idle periods
  • Any failure or interruption to a Third Party infrastructure of service provider, including telecommunications, internet service, electricity and so forth
  • War and Terrorism

As we mentioned above, as the cybersecurity threat landscape changes, so will the cybersecurity measures cyber insurance providers will require. Again, we strongly advise working with a cyber insurance expert to understand the requirements in order to prepare for requesting or renewing your organization’s cyber insurance policy.

MicroAge works with businesses to develop a solid cybersecurity strategy and put in place cybersecurity measures that can help with obtaining or renewing the appropriate cyber insurance coverage for their organization. Contact us today to see how we can help you.

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

fin de support windows 7 end of support

What Window 7’s End of Support Means for You

Windows 7 is one of the most successful operating systems ever released by Microsoft. The OS received critical acclaim when it first came out in…

Read More
audit tech

Back to the Office: Auditing Tech and Adjusting your Business

Many businesses were not ready for the global health crisis we were plunged into and needed to adapt quickly. Now that economies worldwide are reopening…

Read More

MicroAge Kingston Among Canada’s Top 50 Best Managed IT Companies.

MicroAge Kingston was selected as one of the 50 Best Managed IT Companies in Canada for the 4th year in a row! Everyone who is selected to receive the award is equally ranked and recognized as one of the top 50. They are all evaluated on their best business practices. Over 1500 Canadian IT companies...

Read More
Windows 11

What Businesses Need to Know about Upgrading to Windows 11

On October 5th, 2021, Microsoft released Windows 11. In this article, we are sharing the information needed on Windows 11 to make an informed decision about if and when businesses should upgrade the…

Read More

Planning Your Cybersecurity Budget for 2023

For many organizations, this is the time of year for forecasts and budgets for the upcoming year. From an IT perspective there are many considerations…

Read More