IRMI Main Logo


Home > Glossary

Cyber And Privacy Insurance

Cyber and Privacy Insurance

Definition

Cyber and Privacy Insurance — a type of insurance designed to cover consumers of technology services or products. More specifically, the policies are intended to cover a variety of both liability and property losses that may result when a business engages in various electronic activities, such as selling on the Internet or collecting data within its internal electronic network.

Most notably, but not exclusively, cyber and privacy policies cover a business' liability for a data breach in which the firm's customers' personal information, such as Social Security or credit card numbers, is exposed or stolen by a hacker or other criminal who has gained access to the firm's electronic network. The policies cover a variety of expenses associated with data breaches, including: notification costs, credit monitoring, costs to defend claims by state regulators, fines and penalties, and loss resulting from identity theft.

In addition, the policies cover liability arising from website media content, as well as property exposures from: (a) business interruption, (b) data loss/destruction, (c) computer fraud, (d) funds transfer loss, and (e) cyber extortion.

Cyber and privacy insurance is often confused with technology errors and omissions (tech E&O) insurance. In contrast to cyber and privacy insurance, tech E&O coverage is intended to protect providers of technology products and services, such as computer software and hardware manufacturers, website designers, and firms that store corporate data on an off-site basis. Nevertheless, tech E&O insurance policies do contain a number of the same insuring agreements as cyber and privacy policies.
Links for IRMI Online Subscribers Only: PLI XVIII.L; PracRisk, Topic G-21, G-33, G-34

Related Terms

Technology Errors and Omissions Insurance (Tech E&O)

A type of insurance designed to cover providers of technology services or products. For example, data storage companies and website designers provide technology services, while computer software and computer manufacturers offer technology products.

Tech E&O policies cover both liability and property loss exposures. Major liability insuring agreements include losses resulting from: (1) technology services, (2) technology products, (3) media content, and (4) network security breaches. Key property insuring agreements provide coverage for extortion threats, crisis management expense, and business interruption.

Tech E&O insurance is often confused with cyber and privacy insurance. In contrast to tech E&O coverage, cyber and privacy insurance is intended to protect consumers of technology products and services. Nevertheless, cyber and privacy insurance policies do offer a number of the same insuring agreements as tech E&O policies.

Information Security and Privacy Liability Coverage

An insuring agreement contained within policies written to cover claims caused by data breaches. Such policies are most often termed "cyber and privacy insurance," "information security and privacy insurance," or "cybersecurity insurance."

This insuring agreement covers the insured's liability for damages resulting from a data breach. Such liability most often results from (1) loss, theft, or unauthorized disclosure of personally identifiable information (PII) in the insured's care, custody, and control; (2) damage to data stored in the insured's computer systems belonging to a third party; (3) transmission of malicious code or denial of service to a third party's computer system; (4) failure to timely disclose a data breach; (5) failure of the insured to comply with its own privacy policy prohibiting disclosure or sharing of PII; and (6) failure to administer an identity theft program required by governmental regulation or to take necessary actions to prevent identity theft. In addition, this insuring agreement covers the cost of defending claims associated with each of these circumstances.

The information security and privacy liability insuring agreement is the true liability coverage component of a cyber and privacy insurance policy because it pays actual liability losses sustained from claims made against the insured by various parties. In contrast, the privacy notification and crisis management expense coverage insuring agreement addresses the so-called immediate response costs associated with a data breach, making payments on a "no fault" basis and without admission of liability.

Similar to other cyber and privacy insurance policies, information security and privacy liability coverage is subject to an annual aggregate limit and an annual aggregate deductible.

Privacy Notification and Crisis Management Expense Coverage

An insuring agreement contained within policies written to cover claims caused by data breaches. Such policies are most often termed "cyber and privacy insurance," "information security and privacy insurance," or "cybersecurity insurance."

Privacy notification and crisis management expense coverage includes the cost of (1) hiring a forensics expert to determine the cause of the breach and suggesting measures to secure the site and prevent future breaches, (2) hiring a public relations agency to assist the insured in dealing with the crisis, (3) setting up a post-breach call center, (4) notifying affected individuals whose personally identifiable information (PII) has been compromised, (5) monitoring these individuals' credit (usually for 1 year), and (6) paying the costs to "restore" stolen identities as a result of a data breach (e.g., expenses of notifying banks and credit card companies).

Privacy notification and crisis management expense coverage addresses the so-called immediate response costs associated with a data breach. This insuring agreement makes payments on a "no fault" basis and without admission of liability (as is the case under "medical payments" coverage, included in a homeowners or personal auto policy (PAP)). The intent of such payments is to discourage affected customers from making claims associated with a data breach. In contrast, the information security and privacy liability insuring agreement is the true "liability" coverage element of a cyber and privacy policy since it responds to lawsuits and pays liability losses from claims made against the insured by various parties.

Similar to other cyber and privacy insurance policies, privacy notification and crisis management expense coverage is subject to an annual aggregate limit and an annual aggregate deductible.

Regulatory Defense and Penalties Coverage

An insuring agreement contained within policies written to cover claims caused by data breaches. Such policies are most often termed "cyber and privacy insurance," "information security and privacy insurance," or "cybersecurity insurance."

This insuring agreement covers the costs of dealing with state and federal regulatory agencies (which oversee data breach laws and regulations), including (1) the costs of hiring attorneys to consult with regulators during investigations and (2) the payment of regulatory fines and penalties that are levied against the insured (as a result of the breach).

Regulatory defense and penalties coverage is one of the rare types of insurance that affirmatively covers fines and penalties. (Most types of insurance exclude these items because covering fines and penalties is usually considered contrary to public policy.)

Since data breaches typically involve customers residing in multiple states and because each state has its own unique set of laws and rules, regulatory defense and penalties coverage is especially valuable, given the need for insureds to deal with multiple sets of regulators.

Similar to other cyber and privacy insurance policies, regulatory defense and penalties coverage is subject to an annual aggregate limit and an annual aggregate deductible.

Related Products

D&O MAPS

Your comprehensive resource for directors and officers liability exposures and coverage. Easily compare the leading insurers’ policies with detailed analyses of more than 250 D&O forms. Includes the D&O policy explorer. Learn More

Professional Liability Insurance

Your one-stop shop for information about D&O, EPL, Professional liability, and more. The policy analyses and comparisons will help you determine which policies are best, and design the broadest coverage. Learn More

Employment Practices Liability Consultant

Provides the tools you need to develop leading-edge risk management and insurance solutions for these daunting loss exposures. Learn More

The Betterley Report - Cyber and Privacy Insurance

Cyber/Privacy Insurance—This report covers liability for data breaches in which a customer's personal information, such as credit card numbers, is exposed or stolen by a hacker (or other criminal) who has gained access to the firm's electronic network. Learn More

The Betterley Report - Employment Practices Liability

Employment Practices Liability Insurance—This report covers liability arising from the employment process, including: wrongful termination, discrimination, sexual harassment, retaliation, and miscellaneous inappropriate workplace conduct, such as defamation, invasion of privacy, and failure to promote. Learn More

The Betterley Report - Intellectual Property and Media Liability

Intellectual Property and Media Liability Insurance—This report covers the following legal expenses incurred by a business: to defend against lawsuits alleging that it has infringed on a patent, trademark, or copyright; and to pay such costs when its own intellectual property has been infringed upon and must enforce its rights Learn More

The Betterley Report - Private Company Management Liability

Private Company Management Liability Insurance—This is a form of errors and omissions coverage for a privately-held company. It is designed to cover not only directors and officers, but also managers and employees, when they incur liability while performing their duties for the organization. Learn More

The Betterley Report - Technology Errors & Omissions

Technology Errors & Omissions Insurance—This report covers liability incurred by providers of technology services or products, such as data storage companies and website designers. The policies most frequently cover liability for data breaches and other losses not involving bodily injury or property damage. Learn More

Risk & Insurance Package

This is THE reference package for any risk or insurance professional who works in specialty lines. Learn More

The Betterley Report - Cyber 3 Pack

Detailed evaluations of three specialty insurance products: Cyber/Privacy Insurance, Technology Errors & Omissions Insurance, and Cyber Insurance for Healthcare. Learn More

The Betterley Report - Management 3 Pack

Detailed evaluations of three specialty insurance products: Employment Practices Liability Insurance, Private Company Management Liability Insurance, and Intellectual Property and Media Liability Insurance. Learn More

The Betterley Report - 6 Pack

Detailed evaluations of six specialty insurance products: Cyber/Privacy/Media Liability Insurance, Employment Practices Liability Insurance, Cyber Insurance for Healthcare, Private Company Management Liability Insurance, Intellectual Property and Media Liability Insurance, and Technology Errors & Omissions Insurance. Learn More

The Betterley Report—Cyber Insurance for Healthcare

This report provides an overview of the market conditions and coverage trends related to cyber and privacy insurance for healthcare organizations. Readers will not only better understand the cyber exposures faced by healthcare organizations, but they will also be provided with incomparably detailed side-by-side comparisons of the leading insurers writing coverage for this segment. Learn More

Social Media
User ID: Subscriber Status:Free