Cyber Liability Insurance Coverage
A data security breach is more likely than a three-alarm fire. With targeted attacks on the rise, a
security breach is no longer an “if” but a “when”. Planning for a security breach is essential,
including both risk management practices and the protection of a Cyber Liability Insurance policy.
The following core coverages are found only in a Cyber Liability Insurance policy:
• Network Security Liability: Network connection exposures such as failure to secure sensitive or
confidential information, creating vulnerabilities in a vendor or client system, or transmission of
Network Security Liability Claim: A safety consultant backed-up client data to an unsecured
server, accidently exposing over 30,000 client records. The client had to issue notifications and
provide credit monitoring, and then sued the safety consultant for the total costs of over
• Privacy Liability: Losses arising out of failure to secure physical records/documents, personal
electronic devices, or computer data, including computer back-up mediums.
Privacy Liability Claim: A healthcare provider left boxes of medical records in the driveway of a
physician, exposing the confidential data of over 8,000 patients. Above and beyond costs of
notification and credit monitoring, regulatory fines and penalties were $800,000.
• Internet Media Liability: Exposures related to maintaining an internet presence including
content contained on a we site, transmitted via email, or posted via social media. Claims include
personal and advertising injury, intellectual property infringement, and personal injury torts such
Internet Media Claim: A photographer sued a real estate services firm in federal court for using
photographs without permission. The real estate services firm paid approximate defense and
settlement costs of $600,000.
• Breach Response and Notification: Costs to comply with statutory breach notification
requirements, including forensics, crisis management, credit monitoring, call center services, and
Breach Response and Notification Example: A hacker accessed the financial aid database of a small
university, which required a forensic audit to determine that 18,000 records had been compromised.
Forensic, notification, call center, and credit monitoring costs exceeded $120,000.
• Cyber Extortion: Cyber extortionists cause or threaten harm if ransom funds are not paid.
Examples of cyber extortion include threats to release confidential information, to block system
access, or to damage systems.
Cyber Extortion Claim: A hacker posing as an independent contractor installed a data time-bomb in
the management system of a small laboratory, and then demanded that funds be transferred to an
off-shore account. Computer forensics to find and disable the malware, secure all servers, and
change all encryption keys exceeded $10,000.
• Additional Coverages Available: Network Business Interruption covers lost income arising from
scenarios such as th inability to process credit cards, or stoppage of manufacturing line dependent
on the network.
Data Restoration Cost coverage responds to scenarios including a hacker deleting key data and
software programming, or a disgruntled former employee damaging servers and back-up data.