Common FIRST PARTY Coverages 

Covers the Insured directly for its losses

Data Breach Response and Notification – Provides the Insured with forensic assistance to determine the extent of a breach, legal services in complying with breach notification laws, notification via mail or email to affected individuals, as well as public relations and crisis management for the Insured.  Policies often provide call center services and credit monitoring services for those affected.

Regulatory Defense and Penalties - Coverage for legal defense costs and penalties arising from regulatory proceedings brought by the FTC, FCC or another government entity as a result of a security breach.

Cyber Extortion (Ransomware) - Reimbursement for losses incurred as a result of an extortion threat.  Policies often provide help in negotiations, which must begin immediately.  Reporting the threat to the police is usually required.

Business Interruption - Reimburses the Insured for the lost income and extra expenses incurred for a set number of days after a security breach.   Policies often have a waiting period.  Some policies may include coverage for breaches suffered by other businesses with whom the Insured has a dependent relationship.

Data Protection or Recovery, System Failure – Coverage for expenses incurred by the Insured to recover, decrypt, or restore lost data, including the costs to determine the extent of the damage and whether it is possible to restore the data.

Common THIRD PARTY Coverages

Covers those affected by the Insured’s security breach, for which the Insured is liable

Data Security and Privacy Liability - Coverage for damages and expenses resulting from theft, loss, or unauthorized disclosure of personally identifiable information that the Insured possesses, failure to prevent a breach or disclose an incident, and violations of privacy law.

Website or Media Liability - Coverage for damages and claims expenses resulting from allegations such as libel, slander, defamation, copyright infringement, emotional distress and other acts committed on the Insured’s website or social media.  Sometimes printed materials (i.e. brochures) are covered.

Other coverages which may be available

PCI-DSS liability/Payment Card Industry - Coverage for fines or assessments levied against the insured for not complying with a payment card services agreement. 

Bodily Injury – Coverage for claims involving bodily injury, sickness, or disease (including death) resulting from a breach, denial of service attack, virus, etc.  This can involve a patient’s medical device, or medical records being accessed and changed or deleted.

“Bricking”, Consequential Property Damage – Coverage for physical computer equipment if the data security event renders the equipment useless and beyond repair.

Telephone Consumer Protection Act - Covers claims involving unsolicited phone calls or emails coming from the Insured, and violations of the Telemarketing and Consumer Fraud & Abuse Prevention Acts and the CAN-SPAM Act.

NOT INCLUDED or LIMITED Coverage only 

  • Losses of data or physical computer equipment due to causes other than a security breach, for example if a power outage causes corruption of data, if computers are stolen, or if physical damage occurs to a piece of equipment.  These losses may be covered under a property policy.
  • Losses of money due to cyber crime (i.e. funds transfer fraud, electronic theft of money, phishing, impersonating another to obtain money or access to it).  As cyber crime becomes more prevalent, many companies are offering smaller amounts of coverage for this.  A crime policy offers more comprehensive coverage for these losses.
  • As with any insurance policy, how the coverage works is just as important as what is covered. All policies have definitions, exclusions, and conditions that determine how/if coverage will apply.  We advise you to read your policy and ask questions.