Comparison Studies Below
Aggregate Limit of Cyber Liability Coverage
1st Party Named Malware
Company ‘A’: $50,000
This coverage activates when a contracted third party suffers a cyber attack by means of malware. As an example, take a payroll company. The insured, a customer of the payroll company, is the 1st party, and the payroll company is the 3rd party. The insured has a contract with the payroll company for services relating to payroll and wage/hour records. The payroll company’s systems are then hacked through a named malware attack, and as a result all of the insured’s employee personal information is stolen. In this particular case, the insured would only have $50,000 in coverage under the Company ‘A’ plan.
* The current insurance program under Company ‘A’ requires a malware attack to be identified and named by a governing body in order to substantiate the claim. For instance, the malware attack must be recognized by one of the following: CERT Coordination Center, McAfee, Secunia, Symantec, or any other comparable 3rd party related business in the field.
* Company ‘B’ does not need a malware attack to be named specifically by a governing body in order for coverage to be provided.
Cyber Extortion and Ransom Service
Company ‘A’: $10,000
Social Media Engineering Fraud
Company ‘A’: No Coverage
Company ‘B’: $250,000
In the event that a group of individuals or an entity commits a single act or a series of acts against the insured or its employees, with the intention of gaining trust and then using that trust to maliciously gain access to Shaler systems, such an event would have been covered under the Company ‘B’ policy. Such an event would NOT be covered under the Company ‘A’ cyber insurance coverage.
Neglected Software Coverage
Company ‘A’: No Coverage
(decreasing scale starts after 45 days)
Quite often, businesses will sunset certain programs or business workflow systems. That is, most businesses will stop using software programs at some point during their operation to make way for improvements or for other reasons. The old software programs could be an easy target for criminal enterprises to gain access to personal information as well as business information. Typically, older software programs have weaker security and fewer cyber incident deterrents than their newer counterparts. If the insured were to sunset their old email server, forgetting or failing to properly secure that ‘no longer used’ software, that would NOT be covered under Company ‘A’’s ‘Cyber Suite.’ The proposed insurance program does offer $1,000,000 in coverage on a sliding scale. That is, if a neglected program has been sunset for 46-90 days, there would be $500,000 in coverage; for 91-180 days, $250,000. After 366 days the proposed insurance plan would provide $50,000 for cyber incidents occurring due to the use of neglected or forgotten software.