Amid the increasing threat of hacking and cyber-attacks, businesses and organizations are now proactively buying robust cyber-insurance policy coverage. As a result, Cyber-insurance policy insurers are also expanding the scale and scope of policy coverage they offer to clients. However, what is covered under cyber insurance policies can vary from policy to policy. So while there are cyber-insurance standards that all policies maintain, and every insurance providers offer personalized policies to their clients.
Hence you must understand the items that are included vs. excluded from your cyber-insurance policy before you go ahead and invest in a policy for your business or organization.
Cyber-insurance is a relatively new space, and cyber-insurance coverage is yet to be fully standardized. Cybercrime is becoming increasingly sophisticated. Ascertaining and accurately assessing the damage to a business, both in revenue and reputation, can prove to be challenging. In addition, providers offer highly customized cyber-insurance solutions to their clients, which can again add to the confusion about what is included vs. excluded.
As mentioned above, cyber insurance policies don’t provide comprehensive and 100% coverage for every aspect of a cyber-attack. Here are some of the common exclusions in a cyber-insurance policy.
Any general liability policy will cover physical injury or property damage. This, however, is not true for cyber insurance policies. The premise for this distinction is that a person cannot sustain physical injury if their data is exposed anytime data theft happens due to a cyber-attack.
There is, however, an important caveat here to consider – a person whose data has been compromised can file a lawsuit against the business for mental anguish or distress. Some cyber-insurance policies cover the lawsuits filed by victims, while others may not provide any insurance coverage.
A standard intellectual property insurance policy offers protection against software, patent, and copyright infringement. For this reason, these claims are not covered under cyber insurance policies.
In some cases, however, cyber insurance policies can provide coverage for defense costs that are related to copyright infringement claims if the costs are incurred because of the actions of a third-party outsider or caused by a non-management employee.
Any damage incurred due to acts of terrorism, war, or political uprising, or insurrection – all of which can impact business operations is not covered by cyber-insurance policies.
However, cyber-attacks are a form of electronic terrorism. Businesses that want a more comprehensive coverage policy can discuss with their insurance providers to work on a solution that reduces the ambiguity within this space.
Employment-related privacy claims are typically covered under standard employment liability insurance policy, so they are not included within cyber-insurance policies.
Anytime you apply for a cyber-insurance policy, you are required to provide specific information on the kind of security best practices your business or organization has in place to deal with the potential threat of a cyber-attack.
If a cyber-attack takes place and the business or organization is found to be lacking vis-à-vis their security preparedness, your damage claim can be denied.
If a data breach happens because of an employee losing their company-issued device, some cyber-insurance policy providers might not cover the resulting damage incurred to the business.
Each of these cyber-insurance exclusions is subject to change depending on your insurance provider. Some of these exclusions may not apply to your policy.
As mentioned above, the space of cyber insurance is still relatively new. So there is still space for negotiations. However, the rising graph of cybercrime instances has the insurance community on guard as well since they are hard-pressed to strike the right balance between premiums collected and the number of claims.
The best defense against a cyber-attack is following stringent cyber-security protocols within a business environment. For this reason, cyber-insurance providers work closely with their business clients to ensure effective cyber-security measures and best practices are employed and maintained by the clients at all times.