Cyber Insurance

Comparison Studies Below

Aggregate Limit of Cyber Liability Coverage | 1st Party Named Malware | Cyber Extortion and Ransom Service | Social Media Engineering Fraud | Neglected Software Coverage

Aggregate Limit of Cyber Liability Coverage

Company ‘A’: $1,000,000

Company ‘B’: $1,000,000

Both Company ‘A’ and Company ‘B’ are offering $1,000,000 in total cyber liability coverages, but Company ‘A’ coverage has sub-limits at times 99% less than the total $1,000,000 aggregate. As an example, although Company ‘A’ has a $1,000,000 aggregate limit for Cyber Liability, there is only $10,000 in cyber extortion coverage available per occurrence under Company ‘A’’s Cyber coverage, whereas the Company ‘B’ program provides $1,000,000 per occurrence in some coverage areas (talked more about below, too). The other large disparity in coverage relates to dealing with the public opinion post cyber incident. Under the Company ‘A’ ‘Cyber Suite,’ there would only be $5,000 in coverage when dealing with public relations after a cyber event, whereas the proposed insurance plan would provide up to the policy limits – $1,000,000.

1st Party Named Malware

Company ‘A’: $50,000

Company ‘B’: $1,000,000

This coverage will activate when a contracted third party Suffers a cyber attack by means of malware. As an example, let us take for instance a payroll company. In this case, the payroll company would be the 3rd party and let us say the insured is the customer of said payroll company. The insured being the 1st party and the payroll company being the 3rd party. In the example, the insured has a contract with the payroll company for services relating to payroll and wage/hour type of records, Then, the payroll company systems are hacked through a named malware attack. As a result, all of the employee personal information from the insured is stolen. In this case in particular, the insured would only have $50,000 in coverage under the Company ‘A’ plan.

* The current insurance program under Company ‘A’ requires a malware attack to be identified and named by a governing body in order to substantiate the claim. For instance the malware attack must be recognized by one of the following: CERT Coordination Center, McAfee, Secunia, Symantec, or any other comparable 3rd party related business in the field.

* Company ‘B’ does not need a malware attack to be named specifically by a governing body in order for coverage to be provided.

Cyber Extortion and Ransom Service

Company ‘A’: $10,000

Company ‘B’: $1,000,000

Losses relating to your; information being held hostage, extorted, or any other threat to do digital harm are covered under this provision. This is by far the largest disparity between Company ‘A’ and Company ‘B’. Company ‘A’ does not include, or fails to mention, any threat of theft of digital currency, or cryptocurrency. Company ‘B’ DOES include coverage where cryptocurrency is the chosen method of payment or the subject of the ransom.

Social Media Engineering Fraud

Company ‘A’: No Coverage

Company ‘B’: $250,000

In the event that a group of individuals or an entity commits a single or a series of acts, against the insured or it’s employees, with the intention of gaining trust for the purpose of using that trust to maliciously gain access to Shaler systems, such an event would have been covered under the Company ‘B’ policy. Such an event would NOT be covered under the Company ‘A’ cyber insurance coverage.

Neglected Software Coverage

Company ‘A’: No Coverage

Company ‘B’: $1,000,000
(decreasing scale starts after 45 days)

Quite often businesses will sunset certain programs or business workflow systems. That is, most businesses will stop use of software programs at some point during their operation to make way for improvements or otherwise. The old software programs could be an easy target for criminal enterprises to gain access to personal information as well as business information. Typically older software programs have less security and
cyber incident deterrents than their newer counterparts. If the insured were to sunset their old email server, forgetting or failing to property secure that ‘no longer used’ software, that would NOT be covered under Company ‘A’’s ‘Cyber Suite.’ The proposed insurance program does offer $1,000,000 in coverage on a sliding scale. That is, if a neglected program has been sunset for 46-90 days, there would be $500,000 in coverage, 91-180 days =$250,000. After 366 days the proposed insurance plan would provide $50,000 for cyber incidents occurring due to the use of neglected or forgotten software.

If you need questions answered or want to learn more about Cyber and Data Security Coverage please call or contact our office.