New Perils in a Connected World – Which Cyber policy should you use?

Confused about finding the correct Cyber policy?  Join the crowd!
by Stew Nelson

As more and more insurance carriers issue a cyber liability policy, it is getting much more difficult to select the proper policy that is best for your business.  I would venture to say that it is impossible for the average insurance agent to understand them all.  I know as I spend four or five hours a week reading cyber policies to keep up to date with the latest and greatest offerings from Chubb, CNA, Chartis, Travelers, Hartford, Hiscox, Liberty Mutual, Hanover just to name a few.

To help you out, I am going to update a post that I made last year that examined a number of the features of Cyber policies that you should be aware are available.  I have added a 4th Major policy type to consider; Network Security, and a section on Common Exclusions.  Remember that First Party costs are cost that you incur and Third Party costs are cost that you are obligated to pay to a client or unrelated party.

Major Cyber policy types (Not all are automatically included in a single policy):

1. Data Breach (Failure to protect an individual’s privacy)
2. Virus and Malware  (Malicious software code)
3. Publishing/Media Liability  (Web content)
4.  Network Security (Loss or damage to insured’s or third party’s network)


First Party Costs
o Notification/Credit monitoring
o Public relations
o Extortion
o Terrorism
o Network damage
o Loss of digital property
o Enhancements in security
o Contractual liability in absence of a contract
o Allocation of covered and non covered claims
o Innocent mistakes
o Rogue employees
o Regulatory fines and penalties

Third Party Costs
o Privacy of employees
o Privacy of Customers
o Legal expenses
o Arbitration
o Coverage for independent contractors
o Non-monetary damages
o Innocent mistakes
o Assumed liability by contract


First Party Costs
o Network damage
o Business Interruption
o Enhancements in security
o Innocent mistakes

Third Party Costs
o Business Interruption
o Loss or damage to digital property


Defense and Settlement costs for
o Copyright infringement, slogan, trademark, trade name or service name
o Libel, slander or defamation, product disparagement or emotional distress
o Invasion of privacy
o Plagiarism, failure to attribute
o Misstatement or misleading statement
o Failure to follow published privacy policy
o Wrongful entry or eviction
o Contextual errors and Omissions

Miscellaneous issues
o Defense costs within the limits
o Claims Made or Occurrence
o Punitive Damages
o Territory


 First Party

o Cyber Extortion

o  Denial of service Attacks

o  Network Business Interruption

o  Network asset damage & extra expense

o  Emergency Response Fund

o  Electronic Theft (Money, products,

Third Party

o  Denial of service Attacks

o  Network Business Interruption

o  Network asset damage & extra expense

COMMON EXCLUSIONS ( All of these are not in every policy thank goodness!)

o Fraudulent acts of insured

o Deliberate acts

o Infringement of a patent  or trade secret

o Bodily injury or property damage

o Loss caused by an employee, officer, director, owner, Independent Contractors

o Liability assumed in a contract (Business Associates should watch out for this one!)

o Antitrust, restraint of trade, unfair competition

o Regulatory Taxes, Fines & Penalties

o Deliberate failure to report

o Electrical or mechanical failures

o Telecommunications interruptions

o Failure to follow Minimum Required Practices

Please use this “Check List” and sit down and have a frank conversation with your insurance professional before you have an uncovered cyber claim. All 50 states have privacy regulation on the books and HIPPA and HITECH regulations have put some real teeth behind penalties for violations of privacy and inadequate network security. Don’t get bit.