What are the five main areas covered under cyber liability?
Not all cyber liability insurance policies are created equal, and cyber insurance coverage can vary between carriers and policies. To adequately protect your organization against digital risks, look for coverage that will make your organization whole if you experience one of the most common cyber events.

Funds transfer fraud coverage can replace or claw back funds
One of the easier ways to monetize cyber crime is through funds transfer fraud (FTF), which threat actors often perpetrate through social engineering techniques like phishing or business email compromise (BEC). Once criminals have access to your business mailbox, they can manipulate your contacts and modify payment instructions, sometimes without even triggering any security alerts. Funds transfer fraud coverage should cover incidents where a cyber criminal misdirects funds. Coalition's claims team will work with law enforcement and the appropriate financial institutions to attempt to retrieve the funds.

Restoration and remediation of Digital Assets against Cyber Extortion and Ransomware attacks
It has become clear that all organizations are vulnerable to the persistent digital risk of ransomware attacks, and organization size is not a predictor of risk. Paying such an exorbitant $1.8M ransom may prove untenable for many businesses. Cyber extortion coverage can cover the costs of the ransom itself, but policyholders should evaluate the hidden costs of remediating these attacks. In addition to covering the ransom fees, cyber insurance can also cover digital asset restoration to restore critical business data that may have been encrypted, damaged, or deleted during the ransom attack. If employee or customer information was exposed as a result of the attack, additional coverages may apply to the legal and reporting fees that result.

Emerging digital risks mitigated by Service Fraud and Computer Replacement coverage
Two emerging digital risks, service fraud (cryptojacking) and bricking, can be devastating for businesses not covered by a general cyber policy. Cryptojacking occurs when a cyber criminal steals an organization's computing resources to mine cryptocurrency for their benefit. A Service Fraud endorsement covers the direct financial losses a business faces when charged for fraudulent use of cloud- and internet-based services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), Network as a Service (NaaS), IP Telephony and more. If devices on your network have seemingly suffered no physical damage, but malware has rendered them unusable, you've been a victim of bricking. There is no way to restore a bricked computer. Computer Replacement coverage will replace all impacted devices.

Network & Info Security Liability & Regulatory Defense & Penalties coverage to mitigate digital vendor risk
Today, businesses commonly rely on vendors to store sensitive customer and employee data in the cloud. In many cases, they also rely on these vendors to conduct critical functions, including processing the company's accounts receivable or other essential IT-related activities. Should one of these cloud vendors experience a cyber incident, it can be costly to all businesses that rely upon the vendor's platform. Specifically, companies could be exposed to privacy claims, regulatory fines, and other business interruption costs, including lost income and extra expenses to get their operation back up and running. Even if your third-party vendor has cyber insurance, your contract with them may limit their liability to you. With Network and Information Security Liability (NISL) and Regulatory Defense and Penalties coverage, businesses can transfer their third-party liability risk, mitigating their responsibility in the event of a claim related to one of their vendors. Additionally, cyber insurance policies with Business Interruption and Extra Expense coverage address first-party losses from reliance on cloud vendors.

Bodily Injury and Property coverage helps when digital risks become physical
As digital infrastructure becomes more advanced and integrated into your business operations, the boundary between cyber and physical security has become increasingly blurred. For example, a cyberattack on a medical organization's network could impact the health and safety of patients undergoing treatment by disrupting the connected medical devices. Likewise, a manufacturing company's operations could be shut down entirely if connected machinery is attacked and cannot be accessed, such as in a ransomware attack, or destroyed with malicious commands sent to the machinery, causing it to perform unwanted actions.
Unfortunately, general liability (GL) policies typically do not cover physical or non-physical risks resulting from a cyber incident. However, if your cyber insurance coverage includes Bodily Injury and Property and Pollution coverage (first and third-party), your organization can remain protected from digital risks that translate to physical impacts.