What Risks are Generally Covered Under Cyber Insurance Policies?

When an organization becomes a victim of a cybersecurity incident, having cybersecurity insurance can help with some of the costs that are associated with recovering from the breach.

Before we jump to a summary of some of the risks that cyber insurance policies may cover, we strongly recommend that you engage with cyber insurance experts. Just like the cybersecurity threat landscape is continuously changing so is the cyber insurance landscape and it is a complex environment to navigate. Consulting with experienced and knowledgeable cyber insurance brokers and insurers is key to having a policy in place that meets the requirements of the organization.

Cyber Insurance Coverage

There are generally two types of coverage in cyber insurance policies. First-Party and Third-Party coverage.

First-Party Coverage

Includes direct loss and out of pocket expenses that are incurred by an organization from a cybersecurity incident. Here are some examples.

  • Business Income/Extra Expenses – this generally refers to the suspension or interruption of business due to a network security breach and may also include system failure if that coverage is specified. Examples of the costs that may be covered:
    • Loss of income
    • Costs in excess of normal operating expenses to restore the systems
    • Dependent business interruption
    • Forensic costs
  • Data Asset Protection – these are the costs to restore, recreate or recollect the data and other intangible assets that are corrupted or destroyed. Costs associated with:
    • The restoration of corrupted data
    • The vendor costs to recreate the lost data
  • Event Management – this encompasses costs resulting from a network security or privacy breach and include:
    • Forensic costs
    • Notification costs
    • Credit Monitoring costs
    • Call centre costs
    • Public Relations costs
  • Cyber Extortion – this refers to the costs that may be associated with a ransomware attack where the cybercriminals hold your data, confidential information and other assets until ransoms are paid. Examples of costs that are covered are:
    • Forensic expenses
    • Costs associated with investigation of the incident
    • Negotiations and payments of ransoms

Third-Party Coverage

This coverage includes expenses and legal fees related to the potential damage caused by an incident to third parties, such as partners, customers, or even employees when sensitive information has been compromised. Examples of third-party coverage are:

  • Privacy Liability – refers to the theft of non-public personal information in electronic and hard-copy form and liability involving the failure to comply with privacy laws, or those regulations that govern the control, collection, access, transmission, use and accuracy of that information. Some of the costs associated with this coverage are:
    • Costs of liability and legal defence
    • Costs related to third-party trade secrets liability
    • Notification of incident
    • Costs of investigation of the incident
    • Costs associated with public relations
  • Network Security Liability – this coverage relates to the failure of system security to prevent or mitigate a cyber attack. Costs included within this coverage are:
    • Liability and defence
    • Legal action by banks
    • Legal action by consumers
  • Privacy Regulatory Defence Costs – these are privacy breach and related fines and penalties that are assessed by regulators and include:
    • Costs related to the investigation by a Regulator
    • Liability and defence costs
    • Fines and penalties from industry or government regulators
    • Costs associated with preparing to testify before regulators
    • Legal action by banks or consumers

Common Limitations and Exclusions

Here are some common exclusions that are typical in cyber insurance policies.

  • Deliberate, willful, malicious, fraudulent, or dishonest acts by any employee, director or officer
  • Third Party Bodily Injury and Property Damage
  • Misappropriation of Intellectual Property
  • Upgrades, redesigns or reconfigurations of the Insured’s computer systems or data to a condition beyond the state prior to Loss (improvements and betterments)
  • Partial or total system failures from wear and tear, drop in performance or aging of electronic equipment and property
  • Fines, penalties and punitive damages unless specifically covered in policy
  • Scheduled downtime, planned outages or idle periods
  • Any failure or interruption to a Third Party infrastructure of service provider, including telecommunications, internet service, electricity and so forth
  • War and Terrorism

As we mentioned above, as the cybersecurity threat landscape changes, so will the cybersecurity measures cyber insurance providers will require. Again, we strongly advise working with a cyber insurance expert to understand the requirements in order to prepare for requesting or renewing your organization’s cyber insurance policy.

MicroAge works with businesses to develop a solid cybersecurity strategy and put in place cybersecurity measures that can help with obtaining or renewing the appropriate cyber insurance coverage for their organization. Contact us today to see how we can help you.

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

Aenean ut ullamcorper orci, non scelerisque ante

Aenean ut ullamcorper orci, non scelerisque ante. Proin lobortis imperdiet posuere. Maecenas iaculis lacus purus, id feugiat mi maximus non. In hac habitasse platea dictumst….

Read More

How To Choose A Cloud Provider

How To Choose A Cloud Provider Using cloud solutions can help your small or mid-sized business move faster, reduce costs, and adopt the latest technology—all…

Read More
Employee security, sécurité employé

How to Ensure the Business Security of Your Remote Employees

In the past, a business was only able to operate effectively if all of its staff and equipment were under a single roof. These days,…

Read More

How To Avoid Social Media Phishing Scams

Phishing is unfortunately a common practice across various media. It involves luring people to click on links that will install malware on their device(s), or…

Read More
Managed IT Services, Services TI Gérés

Using Managed IT Services to Help Your Business Grow

The Business Development Bank of Canada released the Digitize Now: How to Make the Digital Shift in Your Business study last October. They surveyed more…

Read More