As previously outlined here and here, cyber insurance policies are continually being updated to provide new and innovative coverages in light of today’s new and increasing cyber risks. I highlight some of the latest cyber coverage offerings here.
Post-Breach Cyber Mitigation Coverage
At least one insurer is now helping its insureds reduce the risk of future cyber events. This carrier offers coverage for 1) an information security risk assessment; 2) an information security gap analysis; 3) development of an information security document set; and 4) an information security awareness training session. The coverage is available after an insured has suffered a covered cyber event under the policy form.
Cryptojacking and Botnetting Coverage
Coverage is now available under at least one policy for losses resulting from cryptojacking and botnetting, two of today’s most rampant cyber exposures. Cryptojacking means the unauthorized use of the insured’s computer system to mine cryptocurrency. Botnetting means the unauthorized use of the insured’s computer system to launch a denial of service or hacking attack against a third party.
As discussed here, many cyber insurers now offer comprehensive “social engineering” coverage for situations where the insured is fraudulently induced to transfer money to a cyber criminal. In addition to that coverage, at least two insurers now offer coverage for the insured’s lost income or profits because of fraudulent electronic communications designed to impersonate the insured.
Broader Contingent Business Interruption Coverage
At least two carriers have expanded their contingent business interruption coverage beyond situations where the insured’s computer system is degraded or interrupted due to a cyber event affecting certain service providers. Under the new forms, coverage also can be triggered by non-cyber events, such as an accidental system failure, software patching, or software updates, affecting the insured’s service providers. One carrier also has broadened the range of relevant service providers to certain non-technology entities.
Coverage for Fake Cyber News
One insurer has expanded on market-standard reputational harm coverage, which typically provides reimbursement for loss of income or productivity resulting from damaging cyber news stories about the insured. The new coverage also applies to fake news stories.
These coverages may not be available from all insurers and they may to subject to sublimits and other important policy provisions. Companies are urged to keep their eyes on the constantly evolving cyber insurance market and take advantage where appropriate of emerging coverages that can provide important protection against new cyber risks.