Cyber Insurance Essentials: A Guide to Inclusions and Exclusions

What is cyber insurance? Cyber insurance covers financial losses that a company can incur due to ransomware attacks, data breaches, and other cyber incidents. It covers computer-related risks that are not covered by commercial property or general liability insurance. Cyber policies include direct expenses, like the cost of replacing lost data and the amounts spent on settling and defending lawsuits. Cyber insurance should be bought if your business uses smartphones, laptops, or any other computer technology.

Inclusions

Now that you are aware of what cyber insurance is, let us check some of the benefits covered under it.

  • Business interruptions

If a cyberattack takes the company's computers offline and causes a loss of revenue, some of the losses may be covered under cyber policies.

  • Threat response and remediation

Insurance may also include system repairs, incident response, forensic investigations, etc., required after a cyber incident.

  • Legal expenses

Litigation expenses, such as those from lawsuits filed by clients, may also be covered under cyber policies. Some insurance companies may provide legal representation for the insured company.

  • Data breach recovery

If hackers steal personally identifiable information (PII) or other sensitive information such as credit card or social security numbers, cyber policies cover customers' costs and provide services like credit monitoring.

  • Regulatory action

Some fields, such as healthcare and financial services, may face regulatory investigations due to cyber-attacks. Cyber policies may also include the audit costs, including any fines.

  • Reputation management

A company may need to hire a PR firm or take other steps to repair its brand following an attack. Some cyber policies will help defray these costs.

  • Ransom payments

Some cyber policies include ransomware payments, but some insurance providers limit this coverage due to the high costs of ransomware.

Exclusions

  • Breaches of third parties

When vendors and partners are breached, a company can have its data stolen or services disrupted. Cyber insurance does not always pay for these losses, but some insurers provide third-party breach coverage for an added cost.

  • Social engineering

Because social engineering attacks like phishing manipulate people into compromising cyber security from the inside, cyber policies do not always cover all the losses.

  • Insider threats

Losses from insider threats, such as malicious or negligent employees, are seldom covered.

  • State-sponsored attacks

Some cyber policies consider these cyber-attacks acts of war and do not cover them.

  • Cyber-attacks that exploit a known vulnerability

Where hackers exploit a flaw that the company already knew about but didn't fix, cyber policies will not entertain the claim.

  • Network failures not caused by cyber attacks

Most plans do not cover outages caused by misconfigurations and other internal errors.

Conclusion

Any business that uses technology to operate is prone to a cyber-attack. Hacking can cause enormous costs and business disruptions and damage your company's reputation. The business can be protected by buying cyber insurance. A cyber policy includes many expenses, like the cost of notifying customers and reconstructing lost data. It will also cover settlements and legal costs resulting from lawsuits.