Data Breach Response and Notification – Provides the Insured with forensic assistance to determine the extent of a breach, legal services in complying with breach notification laws, notification via mail or email to affected individuals, as well as public relations and crisis management for the Insured. Policies often provide call center services and credit monitoring services for those affected.
Regulatory Defense and Penalties -Coverage for legal defense costs and penalties from regulatory proceedings from the FTC, FCC or another government entity resulting from a security breach.
Cyber Extortion (Ransomware) - Reimbursement for losses incurred as a result of an extortion threat. Policies often provide help in negotiations, which must begin immediately. Reporting it to the police is usually required.
Business Interruption - Reimburses the Insured for the lost income and extra expenses incurred for a set number of days after a security breach. Policies often have a waiting period. Some policies may include coverage for breaches suffered by other businesses with whom the Insured has a dependent relationship.
Data Protection or Recovery, System Failure – Coverage for expenses incurred by the Insured to recover, unencrypt, or estore lost data, including the costs to determine the extent of the damage and whether it is possible to restore the data.
Data Security and Privacy Liability - Coverage for damages and expenses resulting from theft, loss, or unauthorized disclosure of personally identifiable information that the Insured possesses, failure to prevent a breach or disclose an incident, and violations of privacy law.
Website or Media Liability - Coverage for damages and claims expenses resulting allegations such as libel, slander, defamation, copyright infringement, emotional distress and other acts committed on the Insured’s website or social media. Sometimes printed materials (i.e. brochures) are covered.
PCI-DSS liability/Payment Card Industry - Coverage for fines or assessments levied against the insured for not complying with a payment card services agreement.
Bodily Injury – coverage for claims involving bodily injury, sickness, disease (including death) resulting from a breach, denial of service attach, virus, etc. Can involve a patient’s medical device or if medical records are accessed and changed/deleted.
“Bricking”, Consequential Property Damage – coverage for physical computer equipment if the data security event renders the equipment useless and beyond repair.
Telephone Consumer Protection Act - covers claims involving unsolicited phone calls or emails coming from the Insured, violations of the Telemarketing and Consumer Fraud & Abuse Prevention Acts, CAN-SPAM Act.