What does cybersecurity insurance cover?

Cyber insurance is basically designed to protect businesses against financial losses resulting from cyber attack incidents. Policies mainly provide two types of protection, namely first-party and liability coverage. Here’s what these different types of coverages pay out for.

First-party coverage

This type of coverage pays the financial losses due to cyber incidents it's including the cost of responding to a data breach, damaged data lost income resulting from business obstruction restoring and recovering losses, ransomware attack payments, and risk assessment of future cyber attacks. Also, most of the policies also cover the cost of informing customers about the incident and providing clients with anti-fraud services.

Liability coverage

Policies mainly cover court and settlement fees, and regulatory fines. Also referred to as third-party liability coverage, this provides financial protection against lawsuits filed by third parties, including customers, employees, and vendors, for damages caused by a cyberattack on the business

1. Hiscox

Rating: 4.9

Policy name: Cyber Security Insurance

• Privacy, data, and network exposures

• Costs to respond to a breach, including access to pre-and post-breach response services

• Employee cyber training program includes certificates of completion

• Costs of defending and resolving claims for statutory violations, negligence, regulatory investigations, and breach of contract

• Optional coverage for cybercrime, cyber deception, social engineering, and business interruption

• Worldwide coverage

2. Chubb

Rating: 4.8

Policy name: Cyber Enterprise Risk Management (Cyber ERM)

• Coverage designed to address evolving regulatory, legal, and cybersecurity standards

• Easy-to-read form

• Clearly labeled exclusions with competitive carve-backs

• Payment card loss coverage built into the base form

• Discovery-based coverage at a control group level

• Enhanced business interruption and extra expense language coverage

• Broadened definition of protected information includes biometrics, internet browsing history, and personally identifiable photos and videos

• Extortion expenses explicitly include Bitcoin and other cryptocurrencies

• Coverage territory is applicable anywhere in the world

3.AIG

Rating: 4.7

Policy name: CyberEdge

• Third-party claims arising from failure of the insured’s network security or a failure to protect confidential information

• Investigation and defense of regulatory actions arising from failure of the insured’s network security or a failure to protect confidential information

• Payment Card Industry Data Security Standard (PCI-DSS) assessments

• Costs of notifications, public relations, and other services to assist in managing and mitigating a cyber incident

• Legal consulting and identity monitoring costs for victims of a breach

• Forensic investigation costs

• Costs to restore electronic data

• Business interruption and certain expenses due to a covered cyber event

• Reimbursement of ransom payments

3= The Hartford

Rating:4.7

Policy name: CyberChoice

• Data privacy and network security liability coverage

• Coverage for privacy regulatory matters

• Media liability coverage

• Incidence response coverage

• Cyber extortion coverage

• Network asset restoration expenses

• Business interruption costs

• Dependent business interruption costs

• Pre-claim assistance

• Post-incident remediation expenses

5 CNA

Rating: 4.6

Policy name: Cyber Insurance

• Network failure costs

• Dependent business income

• Wrongful collection coverage

• Broad media coverage

• E-theft and social engineering coverage

• Reputational harm

• Voluntary shutdown

• Payment Card Industry (PCI) coverage

6= Arch Insurance

Rating: 4.5

Policy name: Arch Netsafe 2.0

• System failure coverage

• Dependent business interruption coverage

• PCI-DSS assessments and regulatory fines and penalties

• First-party data incident response expense

• “Bring Your Own Device” included within computer system definition

• Carve-back for cyberterrorism

• Carve-back to the contract exclusion for PCI

• Data security and non-disclosure agreements

• Media liability coverage

• Coverage available for business interruption and cyber extortion

6= Hanover

Rating: 4.5

Policy name: Cyber Advantage

• Privacy and security liability

• Breach event expense

• Breach reward expense

• Cyber business interruption and extra expense

• Cyber extortion response costs

• Cyber theft

• Breach at a third-party

• Cyber media liability

• Fines and penalties

8. Intact

Rating: 4.4

Policy name: Privacy Breach Coverage

• Remediation expense coverage

• Business interruption coverage

• Legal expense coverage

• Worldwide coverage for up to 60 days

• Cyber extortion

• Smart phone coverage

9= Axis

Rating: 4.3

Policy name:: Axis Cyber Insurance (ACI)

• Business interruption:

• Includes voluntary shutdown of the business’ network

• Generous period of restoration up to 180 days

• Reputational harm coverage for 12 months

• Forensic accounting costs to prepare proof of loss documentation

• Interim payments to increase the speed with which claims are covered

• Other first-party coverage considerations:

• Coverage for undiscovered cyber events

• Most cover is on a “Pay” rather than “Reimburse” basis to help manage cash flow following a cyber incident

• Data recovery includes upgrades

• Funds to replace electronic devices and equipment

• Cybercrime cover for social engineering, business email compromise, cryptojacking, and theft of telecommunications services

• General coverage considerations:

• Privacy regulatory cover includes GDPR and CCPA and other consumer privacy protection laws

• Cover for private actions under BIPA and other law regulating collection and use of biometric information available by endorsement

• Privacy incident includes all activities regulated under a privacy regulation

• PCI-DSS covers card re-issuance costs, fraud, and administrative reimbursement assessments, forensic investigation costs, fines, and penalties

• Cyber terrorism

9= Beazley

Rating: 4.3

Policy name: Beazley Breach Response (BBR)

• Up to $5 million coverage for data breach notification and credit/identity monitoring

• Privacy breach response services include:

• Legal and computer forensic services

• Discretionary notice to individuals potentially affected by the breach

• Resolution and mitigation services,

• Identity theft-related fraud resolution services

• 12 free months of identity monitoring

• Theft, loss, or unauthorized disclosure of information held by business associates for organizations required to comply with the Health Insurance Portability and Accountability Act (HIPAA)

• Third-party coverage includes:

• Third-party information security and privacy coverage with up to $15 million in limits in addition to the breach response coverage

• Regulatory defense and penalties

• Website and offline media liability

• PCI fines, penalties, and assessments

• Cyber extortion

• First-party business interruption and data protection with limits up to $15 million.