What is Cyber Liability Insurance - Cyber Suite Comprehensive Insurance?
Cyber Suite is a comprehensive insurance solution designed to help businesses respond to a full range of cyber incidents including threats of unauthorized intrusion into or interference with computers system, damage to data and systems from a computer attack and cyber-related litigation.
Most entities hold the personal information of their customers and employees. All states have data breach laws that require companies to notify affected individuals if their personally identifying or personally sensitive information may have been compromised.
Who Needs this Coverage?
All companies that maintain data on their clients and employees have a responsibility to safeguard the data. However, businesses are vulnerable to data breaches, cyber attacks by computer thieves, and inadvertent releases of information.
Why do Businesses Need this Coverage?
All businesses need this coverage because:
- Typical General Liability policies do not cover data breaches and cyberattacks
- The majority of attacks are against small and mid-sized companies that lack the legal and public relations resources to respond to a breach*
- Every state has laws requiring business owners to notify affected persons of stolen or lost data
- A business that suffers a data breach needs to protect its own reputation and credibility
- Businesses may suffer severe financial burdens and losses of income due to cyber attacks
- All businesses are now becoming targets, not just big businesses
* Source: Small Business Trends
What does Cyber Liability Insurance cover?
A standard commercial insurance policy does not include coverage for losses associated with a cyber attack. GNY offers Cyber Suite cyber liability insurance to help businesses recover from a cyber attack. Cyber Suite covers a variety of expenses including:
Data compromise response expenses
- Forensic IT Review – Cost for a professional information technologist to review the nature and extent of the personal data compromise
- Legal Review – Cost for a professional legal counsel to review and develop a response for the personal data compromise
- Notification to Affected Individuals – Necessary and reasonable costs to provide notification of the personal data compromise to affected individuals
- Services to Affected Individuals – Cost to provide informational materials and a toll-free telephone helpline to affected individuals. Credit report and monitoring and identity restoration case management services provided for breaches involving personally identifying information
- Public Relations – Cost of a professional public relations firm review of the potential impact of the personal data compromise on business relationships. This includes necessary and reasonable costs to implement public relations recommendations
- Regulatory Fines and Penalties – Any fine or penalty imposed by law, to the extent such fine or penalty is legally insurable under the law
- PCI Fines and Penalties – Any Payment Card Industry fine or penalty imposed under a contract
Computer Attack
- Data Restoration – Cost of an outside professional firm hired to replace lost or corrupted electronic data
- Data Re-creation – Cost of an outside professional firm to research, recreate and replace data that has been lost or corrupted
- System Restoration – Cost of an outside professional firm to restore computer system to pre-computer attack functionality
- Loss of Business – Loss of Business Income and Extra Expense incurred during the period of restoration
- Extended Income – Coverage for the component of the business income that had still not recovered to historical levels after the period of recovery has completed
- Public Relations – Cost of the services of a professional public relations firm to assist in response communication
Cyber Extortion Expenses
Cost of responding to extortion threats which includes; the cost of a negotiator or investigator retained by the insured in connection with a cyber extortion threat; any amount paid by the insured in response to a credible cyber extortion threat to the party that made the cyber extortion threat for the purposes of eliminating the threat.
Misdirected Payment Fraud
Coverage when the insured is the victim of a wrongful transfer event - an intentional and criminal deception of the insured or a financial institution with which the insured has an account. The deception must be perpetrated by a person who is not an employee, using email, facsimile or telephone communications to induce the insured or the financial institution to send money or divert a payment. The deception must result in direct financial loss to an insured. The coverage provides reimbursement for the amount fraudulently obtained from the insured.
Computer Fraud
Reimbursement for the direct financial loss to an insured when an amount is fraudulently obtained from the insured as the result of unauthorized access to the insured’s computer system. The unauthorized access must lead to the intentional, unauthorized and fraudulent entry of or change to data or instructions within the computer system causing money to be sent or diverted.
Data Compromise Liability
Loss directly from personal data compromise or defense costs directly arising from a regulatory proceeding
Network Security Liability
Costs for defense (within the coverage limit) and associated settlement and judgment costs arising from an action brought by third parties who allege certain injuries as a result of a failure in the insured’s systems security.
In the case of a network security liability suit, the coverage provides for defense costs, as well as settlement and judgment costs subject to policy limits.
This is an abbreviated identification of available coverages. Please refer to the insurance policies themselves for a complete description of the coverages, limits, terms, conditions, and exclusions.
What Value Added Services Are Provided?
- Access to eRiskHub®, a risk management portal designed to help business owners prepare and respond effectively to data breaches.
- Access to “My Tech Support” which offers free computer diagnostics by phone and competitive rates for virus removal, technical assistance and related digital security services
- Claims managed by experienced cyber claim specialists
- Access to experts in recovering from cyber extortion and data breaches.
Not all products are available in all states and not all products are available in all multi-peril packages offered by GNY Insurance Companies. Please consult with your GNY affiliated broker for further information.
eRisk Hub® Risk Management Portal
A free service for GNY policyholders
Access to the eRisk Hub® portal is available to policyholders who have Cyber Suite coverage as part of their insurance program.
The portal offers a number of key features, including:
Incident Response Plan Roadmap
- Online training modules for security best practices
- Cyber risk assessments and management tools to manage data breaches
- Directory of external resources with expertise in cyber security disciplines
- A news center with current articles from industry resources
- A learning center with best practices and white papers
Click here to learn more and register for eRiskHub.
Contact your GNY affiliated broker to assess your business risk and determine if Cyber Liability insurance is needed.
Submitting a Claim to GNY
To submit a claim after a cyber liability loss refer to the guides here.