Cyber Insurance

Three Elements To Consider About Cyber Insurance

  1. Risk Mitigation – How to reduce the odds or severity of something happening

  2. Risk Transfer – How to contractually shift a portion of our risk to someone else

  3. Response / Recovery – After an incident has occurred, what options are available and what the next course of action is


How Do Incidents Occur?

Identify the Exposure

External Threats

  • Hackers

  • Viruses

  • Social Media

  • Third-Party Vendors – exposure of protected data resulting from the breach of a third party, such as cloud or payroll providers.

  • Changing Regulatory Environment – new laws and regulations are introduced, causing additional regulatory exposure


Internal Threats

  • Rogue Employees

  • Human Error

  • Mobile Devices

What is covered?

Cyber attack

First Party

  • Incident Response – from an actual or suspected cyber event 

  • Business Interruption – loss of net profit and continuing operating expenses

  • Data and System Recovery – increased cost of work, data recovery costs, additional business interruption mitigation

  • Cyber Extortion – extortion payments and negotiation


Third Party

  • Privacy and Network Security Liability – liability following data breach or failure of network security:

  • PCI DSS Contractual Fines and Penalties

  • Consumer Redress Fund

  • Regulatory Fines and Penalties (where legally insurable) – GDPR

  • Media Liability – liability following defamation or infringement online

The Highlights

  • Contingent Business Interruption – for outsourced technology providers

  • System Failure Triggers – human error, programming errors, power failure



  • Emergency incident

  • Response expenses within 48 hours for SME and Middle Market insureds – nil deductible

  • Betterment costs – improvement of software and applications

  • Cyber crime – direct financial loss following cyber theft

  • Reward expenses

  • Telecommunications fraud

  • Pay on behalf for incident response expenses

  • Flexible incident response providers

  • Rogue employee

  • Voluntary notification

  • Voluntary shutdown

  • By endorsement: Reputational Harm Extension, Social Engineering Fraud

  • Cyber terrorism

  • Worldwide coverage