It’s been almost a year since I posted Cyber Insurance: It’s Not Just for Data Breaches, in which I noted that just as cyber and privacy threats have continued to evolve, cyber insurance policies also have evolved to provide greater protection against some of today’s most vexing and relentless cyber risks. In this post, I highlight some additional and innovative coverages that can provide real value to insureds following a cyber or privacy incident. As noted in last year’s article, not all these coverages are offered by all cyber insurers, and sublimits, retentions, and the precise policy terms and conditions should be carefully reviewed. Further, its important to note that some carriers offer similar coverages to those described below, but they may use different terminology to describe the coverage provided.
Although cyber policies typically exclude coverage for damage to tangible property, some carriers have introduced endorsements that are triggered when a hacking event causes the “bricking” (loss of use or functionality) of the insured’s computer hardware or electronic equipment by maliciously reprograming the software installed on that hardware or equipment. Bricking coverage applies to the costs to repair or replace the affected hardware or equipment when it would cost more to reinstall software.
- Consequential Reputational Harm
Some carriers are offering coverage for lost profits associated with the loss of current or future costumers because of reputational damage resulting from a covered cyber event. The lost profits must have been incurred during a “reputational harm period,” a designated window of time following discovery of the cyber event.
- Loss Adjustment Costs
Calculating the costs associated with a system damage or business interruption insurance claim can be complicated business, particularly when costs must be allocated to an uninsured waiting period designated in the policy form. Some cyber carriers are providing coverage for the cost to retain professionals, such as forensic accountants, to assist the insured in the calculation of its financial loss.
- Invoice Manipulation Loss
As noted in last year’s post, many insurers are now offering coverage specifically designed for phishing attacks and other schemes to trick the insured company into transferring funds to a fraudster instead of to an entity to which the insured owes money. Now, at least one insurer provides coverage to companies that have been unable to collect payment for their goods and services as a result of an “invoice manipulation loss.” Invoice manipulation means the release or distribution of a fraudulent invoice or payment instruction resulting from a security or privacy breach. The policy covers the insured’s net cost to provide the goods or services, exclusive of profits.
- Corporate Identity Theft
Coverage now is offered by some carriers for financial loss resulting from the fraudulent use of the insured’s electronic identity, including the establishment of credit in the insured’s name, electronic signing of contracts, and creation of a website designed to impersonate the insured.
Companies are urged to stay updated about the evolution of cyber insurance policies and to frequently evaluate their coverage in light of new insurance offerings, emerging cyber exposures, and their entity’s cyber risk profile.