Glossary of Cyber Insurance Coverages

Cyber insurance is more than just coverage; it's choosing a carrier that understands the ever-evolving landscape of cybercrime and a broker that is present when you need their support and advice.

What to Look For

There are many coverages provided in a standard cyber insurance policy. This overview will be most helpful when reviewing a possible cyber policy offer.

Cyber policies generally cover two groups:

First-Party Liability: These cover the expenses your business may incur following a data breach or other cybersecurity attack on your network or systems. Often, these will help cover the cost to retain legal counsel to determine notification and regulatory obligations following a breach. They can also cover fees, fines, and penalties related to the incident, as well as the costs to set up notification and call center services.

Third-Party Liability: These cover damages or settlements the organization must pay in suits or claims for injuries resulting from the organization's actions or failure to act. According to the FTC, payments to victims, litigation costs, regulatory inquiries, claims, and settlement expenses can be handled by third-party coverage under a cyber policy.

Cyber insurance is a fast-changing coverage. As carriers experience more claims events and help clients navigate cyber events, policy language, exclusions, and inclusions will change. The market is also competitive among carriers, with more offering this coverage type every year. At the time of this writing, a cyber policy with a $1M limit averages $2,000 annually, depending on the type of risks present.

Common Exclusions

Insurance is sometimes best understood backward, by first knowing what is excluded. Here are a few of the common exclusions found in policies:

Poor Security Processes: Attacks that occur due to ineffective security processes or poor configuration management.

Prior Breaches: Security events or breaches that occurred before the organization purchased a cyber insurance policy.

Human Error: Cyber attacks caused by human error by the organization's personnel.

Insider Attacks: Data theft or loss occurring due to an insider attack by an employee.

Pre-existing Vulnerabilities: Breaches that occurred because the organization failed to correct or address a previously known vulnerability.

Technology System Improvements: Costs related to technology improvements, such as hardening networks and applications.

First-Party Coverages

Breach Response & Remediation: A breach is defined as the unauthorized acquisition of covered information that compromises its security, integrity, or confidentiality. Coverage for response and remediation costs associated with a breach. This includes legal fees, customer notification, IT/digital forensics, and crisis media relations, among others. Companies can be required to provide free credit monitoring services for at least 12 months if a data breach exposes their customers' Social Security numbers. However, companies may not be required to provide credit monitoring if it is determined that the affected individuals won't be harmed.

Cyber Business Interruption: Coverage for financial losses due to a cyber event that causes degradation to your computer system. It usually requires a time retention (see Business Interruption Waiting Period).

Dependent Business Interruption: Coverage for financial losses when a 3rd party provider experiences a cyber event that disrupts your operations; 3rd parties often include cloud providers or other software, service, or hosting providers.

System Failure: Coverage for financial losses due to business interruption resulting from an unplanned or unintentional outage, often caused by employee error or power outage.

Dependent System Failure: Coverage for financial losses due to business interruption resulting from an unplanned or unintentional outage of a system operated by a 3rd party vendor, often caused by employee error or power outage.

Business Interruption Waiting Period: A time retention is typically applied to cyber business interruption and system failure.

Dependent Business Interruption Waiting Period: A time retention is typically applied to cyber-dependent business interruption and dependent system failure.

Ransomware / Cyber Extortion: Coverage for the costs to respond to a cyber extortion (ransomware) event, including forensics experts to investigate the attack, experienced negotiators, and sometimes ransom payments in virtual currencies.

Ransomware Payment Provision: Provision for how the policy responds to a ransomware claim; "Pay on behalf" indicates the carrier will tender payments due when a ransom event occurs; "Reimbursement" indicates the insured will pay out of pocket and then seek reimbursement for covered losses.

Digital Asset Damage: Coverage for costs to rebuild electronic data and other digital assets after a cyber event, such as restoring from offsite backups.

Cyber Crime: Coverage for the theft of funds due to a security failure, often by a hacker stealing login credentials; this is often referred to as fund transfer fraud and may be covered under a crime policy.

Social Engineering: Coverage for theft of funds via deception or impersonation, where a criminal tricks you into parting with your funds, often linked to business email compromise.

Client Funds: Coverage extension to cover theft of client funds in the insured's care, custody, or control.

Invoice Manipulation: Coverage for the release or distribution of a fraudulent invoice or fraudulent payment instruction to a third party as a result of a cyber-event.

Telephone Hacking: Coverage for costs associated with unauthorized and fraudulent telephone calls. Sometimes appears as TCPA Defense Coverage (Telephone Consumer Protection Act).

Cryptojacking: Coverage for costs associated with unauthorized use of the insured's computer processing power to mine cryptocurrency.

Reputational Harm: Coverage for lost income from an adverse media event due to a cyber event that damages the insured's reputation.

Breach Response (Outside the Limit): Coverage for 1st-party breach costs that sits outside of, and in addition to, the policy aggregate limit.

Bricking: Coverage for physical damage to IT hardware resulting from a cyber event that renders the equipment useless and unable to be safely repaired.

Bodily Injury: Coverage for bodily injury which results from a cyber-event.

Property Damage: Coverage for property damage that results from a cyber-event.

BYOD: Coverage for any device used by the company's employees in the course of normal business operations, no matter who the device belongs to.

Third-Party Coverages

Cyber / Privacy Liability: Defense and indemnity for claims against you related to cyber events or data breaches.

Media Liability: Defense and indemnity for claims of libel, slander, copyright infringement, trademark infringement, invasion of privacy, etc.

Regulatory Defense & Fines: Defense and indemnity coverage for claims brought by federal, state, local, or foreign governing bodies related to privacy regulations, data breaches, cyber events, and fines and penalties where insurable by law.

PCI Fines & Assessments: Coverage for assessments, fines, or penalties imposed by banks or credit card companies due to non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Defense (Outside the Limits): Additional defense coverage outside of the limits of liability.

Bodily Injury: Defense and indemnity coverage for bodily injury that results from a cyber-event.

Property Damage: Defense and indemnity coverage for property damage that results from a cyber-event.

Additional Services

Cyber Risk Report: An assessment of the company's cybersecurity posture that typically provides a score and actionable security recommendations. Carriers that offer this usually need only the company's URL to perform an outside-in scan, and provide it with all quotes.

Proactive System Monitoring: Ongoing and regular scanning to monitor for security vulnerabilities. If issues are flagged, the carrier will proactively notify the insured and offer assistance to mitigate; only provided to policyholders.

Pre-claim Assistance: Access to software and services, including cyber risk applications, breach response plans, data breach calculators, and other risk management tools to manage cyber risk.

Expert Cybersecurity Advice: Open access to cybersecurity experts to ask questions about the company's security; usually, access is provided via phone or email.

Data Breach Regulations: Each state has its own set of rules for notifying individuals and regulators, for what information is covered, and for what penalties can be imposed.
