From the February 6, 2012 issue of National Underwriter Property & Casualty • Subscribe!

A Lawyer’s Advice for Evaluating Your Cyber Coverage

Policies vary significantly from carrier to carrier—and even within the various forms of one company

Policyholders and insureds exposed to cyber risks would be well served to analyze carefully their insurance policies to determine exactly which coverages apply to them—and to see if any critical coverages are missing.

Cyber Liability insurance should provide coverage for the vast majority of key cyber risks, and there may also be overlapping coverage under other policies for such exposures.

The first place that a company should look to determine whether it has, or may have, coverage for cyber risks is any specific Cyber Liability policies that the entity holds. A very close look at these policies is warranted, as the coverage under such policies often varies significantly from carrier to carrier—and even within the various forms that one particular insurance company offers.

Note that just because a policy is sold as a cyber-insurance policy, the insurance company will not automatically agree to cover or defend against potential liabilities for all cyber risks. Cyber-insurance policies are relatively new and not as regulated as more traditional insurance policies; the market for cyber coverage is referred to in some circles as the “Wild West” of insurance.

Cyber policies are often sold with various coverage modules, provisions and insuring agreements, allowing for companies to cherry-pick the specific coverages they want to purchase. Because of the variety of options offered in the marketplace and the potential to select specific risk protections, a careful review of the policy form before a claim arises is critical.

When reviewing Cyber Liability policies from the highest level, the buyer should determine whether there is coverage for so-called first-party risks and third-party risks (see above chart).


Entities should consider closely whether their policies provide coverage for privacy breaches even before there has been a claim—to ensure that coverage exists for costs incurred immediately after the discovery of a data breach—including investigation and notification costs. (These costs may be referred to as “voluntary notification” costs among those in the industry, though they may not truly be “voluntary.”)

Certain cyber-insurance policies exclude coverage for costs relating to breaches of contract; so those entities handling data on behalf of contracting partners should consider how such an exclusion would affect the entity’s ability to handle a cyber incident that leads to breach-of-contract damages.

Although many non-cyber policies purport to exclude such damages, data-breach-based class actions often seek such damages. Entities should also consider whether there is coverage for any security audits that may be required by certain third parties, such as business partners.

As to first-party risks, the entity should consider protection for data loss or corruption; the inability to access data; and the inability to conduct business due to the inaccessibility of the various cloud-computing platforms on which the entity relies or provides to clients. The trigger for such coverage should not be limited to a “physical” cause of loss and should be broad enough to include cyber attacks, data breaches, hackings and other crime. 



Resource Center

View All »

Complimentary White Paper: The Compression of Workplace Time

How brokers and carriers respond to the compression of workplace time will create significant competitive...

The Changing Insurance Consumer: 6 Ways to Create Profitable Relationships

Today’s mobile and web-savvy consumers have new expectations when it comes to interacting with your...

Contractors General Liability Coverage 102

What is a prior work exclusion? Which option is right for my client? Why do...

Sign up today to get a 50% matching credit -...

Insurance marketing sometimes seems like it's a game of swings and misses, but we're here...

Guide: 5 Steps to Selling Cyber

Cyber risk and data security is on the agenda of every business owner and executive....

Citation Correlation

Do rigger and signalperson qualifications correlate with the cause of crane and rigging accidents? ...

Complete Guide to Electronic Signatures in Property & Casualty Insurance...

In property and casualty insurance, closing new business quickly is key. Learn how to leverage...

INSTANT ACCESS: Complimentary Sales Closer Questionnaires

Help property owners or managers compare your commercial residential property insurance coverage vs. the competition....

Determining Vacant Property Perils and Valuations

Are your clients fully covered for Vacant Properties? In this economic climate, your insureds may...

Risk Management for Law Firms

This package of 3 concise risk management articles offers straightforward content and practical suggestions law...

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.