The cost of dealing with a data breach goes beyond repairing databases, strengthening security procedures or replacing lost laptops. Regulations requiring notifications of affected customers also drive costs for companies in which a data breach compromises personal or confidential data. Traditional business insurance may not be enough to protect companies from cybercrime. But just how does cyber insurance work?
Typically, there are a number of different coverages available. To have the coverage that is right for your company, you and your agent can work together to tailor the coverages based on the specific risks your business faces. Following are some explanations of typical elements of a Travelers cyber insurance policy.
Third-Party (liability) and First-Party Coverage
What it does: Companies have an obligation to keep their customers’ protected health information (PHI) and personally identifiable information (PII) confidential. They may face potential liability if the information is exposed in a data breach. This coverage protects companies for liability to others and reimburses companies for expenses related to a data breach, which could include legal counsel and defense, a digital forensics team, notification costs, crisis communications and setting up a call center and credit monitoring for those affected by the data breach.
Why it’s important: Many companies store their customers’ confidential information, PHI and PII, as well as confidential corporate information, either for themselves or for another company. For example, an employee benefits company may have personnel records for the employees of dozens of companies it serves, which can mean that a single breach presents the potential for a significant liability.
What it does: Claims and events can occur anywhere in the world, and notification requirements differ by location. To help fulfill these requirements, policyholders can access Travelers’ network of forensics, crisis communications and legal experts to address claims made or events occurring anywhere in the world.
Why it’s important: If a company has a data breach, it must follow the privacy laws that govern where its customers live, not just where it is headquartered. This can be costly, confusing and time-consuming for a company without specialized resources.
Distinct Insuring Agreements (with the ability to set limits and retentions for each insuring agreement)
What it does: Having separate insuring agreements allows companies to be covered for different risks, at different levels. This gives companies more protection as companies can choose to set a higher limit for a specific risk, based on their business’ unique needs.
Why it’s important: There are a number of different ways that cyber crime can affect a company, from e-commerce extortion to funds transfer fraud. Having distinct insuring agreements helps protect against a diverse set of risks.
Extended Reporting Period
What it does: This gives companies more time to detect and report a data breach. It extends the reporting period, typically 90 days, and includes crisis management and security breach expense coverage.
Why it’s important: Given the nature of data breaches, a company might not realize that it suffered a breach until after the end of the cyber policy.
First-Party Coverage for Computer Program and Electronic Data Restoration Expenses
What it does: This coverage reimburses companies for expenses related to recovering from damages to computer programs and electronic data.
Why it’s important: Not all cyber claims are related to an actual data breach. For example, malware downloaded from an email could lead to lost, encrypted or otherwise damaged files, requiring expenses to repair and restore.
Business Interruption Coverage
What it does: This coverage applies to expenses and lost revenue due to a computer virus or denial-of-service attack that impairs a computer system.
Why it’s important: While many companies may have business interruption coverage as part of their property coverage, cyber crimes may not be covered.
Your coverage for security breach remediation and notification expenses would include purchasing an identity fraud insurance policy, credit monitoring services, computer forensics and access to a Breach Coach for advice regarding initial breach response.
Cyber insurance also can help protect you before a breach. Travelers customers have access to risk management services, cybersecurity experts and other resources to help prevent a data breach. Perhaps just as importantly, having cyber insurance can help prepare your company to respond effectively in the critical hours and days following a data breach.
Cyber Enterprise Risk Management
A Distinctive Level of Cyber Protection That Only Tech Insurance Solutions Can Offer
We have handled cyber incidents and underwritten cyber exposures for policyholders for more than fifteen years. Over this time, we have cataloged a considerable amount of loss data. A careful analysis of this proprietary data shows that the best way to combat the constantly evolving world of cyber risk is to implement a three-prong approach to cyber underwriting that incorporates risk transfer, loss mitigation services and post-incident services. Why? Because technology and cyber risks are enterprise-wide issues that require an enterprise-wide solution.
Policyholders will have access to coverage that builds on all of the cyber products that have come before it, incorporating insight gained from years of claims and underwriting experience. This premier coverage is backed by the financial strength of our carriers and supported by their extensive cyber services:
Loss Mitigation Services: Access to the tools and resources needed to address and gauge key areas of cyber security risks before an event occurs.
Incident Response Services: A diverse team of experts in the legal, computer forensics, notification, call center, public relations, fraud consultation, credit monitoring, and identity restoration service areas to help limit exposure to a loss when an event occurs.
Leading prodiver of cyber risk solutions since first product was launched in 1998
Extensive claims experience helping notify more than 300 million individuals of a privacy breach
Market-leading, highly customizable solutions to address clients’ unique needs, regardless of size, industry or type of risk
Cybercrime coverage by endorsement or explicitly provided under separate cover from industry-leading Fideltiy and Crime products
No minimum premiums; premiums scale for all sizes of risks based on scope of coverage and limits
Market-leading quoting platform offers online quoting and real-time policy issuance for eligible small risks. Referred risks received fast turnarounds from underwriters
Industry-leading coverage designed to address evolving regulatory, legal and cybersecurity standards and built to consider future changes
Easy-to-read from with structure aligned with the flow of a typical incident and presentation of Cyber Incident Response Expenses aligned with the typical flow of decision-making throughout an incident
Clearly labeled exclusions with competitive carve-backs
Payment Card Loss coverage built into the base form
Discovery-based coverage at a Control Group level
Includes enhnaced Business Interruption and Extra Expense language
Broadened definition of Protected Information includes biometrics, internet browsing history and personally identifiable photos and videos
Extortion Expenses explicitly include Bitcoin and other cryptocurrencies
Coverage Territory applicable to anywhere in the universe to address continued evolution of hosting and data storage
Third-Party Liability Coverage
Cyber, Privacy and Network Security Liability: Failure to protect private or confidential information of others, and failure to prevent a cyber incident from impacting others’ systems
Payment Card Loss: Contractual liabilites owed as result of a cyber incident
Regulatory Proceedings: Defense for regulatory actions and coverage for fines and penalties
Media Liability: Copyright and trademark infringement within scope of defined media content
Cyber Incident Response Fund: Legal fees, forensics, notification costs, credit monitoring, public relations, etc.
Business Interruption: Loss of profits and expenses from interruptions of insured’s systems; and with Contingent Business Interruption, adds losses from interruptions of others’ systems
Digital Data Recovery: Costs to restore or replace lost or damaged data or software
Telephone Toll Fraud: Costs incurred as phone bill charges due to fraudulent calling
Network Extortion: Payments to prevent digital destruction/impairment
Cyber Crime (by endorsement)
Computer Fraud: Third party accessing insured’s computers to take money
Funds Transfer Fraud: Third party tricking a bank into transferring funds from insured’s account
Social Engineering Fraud: Third party tricking an employee into transferring money
Professional and Cyber Risk Protection Exclusively for Technology Businesses
Technology is integral to the operation of most businesses today. When technology fails, the financial impacts can be significant, and the companies affected often seek compensation from their technology product or service providers.
Unfortunately, traditional liability policies aren’t designed to respond to pure financial claims.
Consider what would happen if your business was found legally liable for a financial loss because:
A glitch in your software caused your client to lose a month’s worth of billing data
Equipment you installed prevented your customer from receiving online orders for 48 hours
Your cloud-based data services failed to back up critical, unrecoverable data
The website you designed for a customer too closely resembled their key competitor’s site
Protection for Technology Exposures
In situations like these, you want to know that your business is protected. At Tech Insurance Solutions, we believe that professional and cyber risk coverages are essential parts of a comprehensive insurance program for all
technology companies. That’s why we developed our product suite which addresses the professional and cyber risk exposures for technology companies of all sizes. Together with our standard lines solutions, it can help provide protection for your business.
Read what satisfied customers have said about Tech Insurance Solutions.