Betterment coverage for costs to improve a computer system after a cyber security breach, when the improvements are recommended to eliminate vulnerabilities that could lead to a similar breach.
Breach Response Investigation costs incurred to investigate data breach; investigate potential indemnity.
Breach Response Notification costs incurred to notify individuals of breach.
Breach Response Public Relations costs incurred to hire public relations firm.
Breach Response Remediation costs incurred to remediate data breach (e.g., credit monitoring, call center, etc.).
Bricking this coverage responds to the physical harm which can be done to Hardware due to a Cyber incident rendering your computers, servers, other network equipment unusable.
Business Interruption is the loss of Operating Income and Profit during the period of time your network was shut down and you were not able to run your business.
Claim Expenses include reasonable and necessary legal fees, costs, and expenses incurred in the investigation, adjustment, defense, or appeal of a claim. They also typically include the cost of any bond or appeal bond required in any defended suit.
Class action lawsuits are large-scale data breaches have led to class action lawsuits filed on behalf of customers whose data and privacy were compromised.
Computer Fraud and Funds Transfer Fraud usually covered under a Commercial Crime policy, this is the stealing of money from a Bank account using a computer or other fraudulent means (non-physical attack).
Computer System means computer hardware and software, and the electronic data stored thereon, as well as associated input and output devices, terminal devices, data storage devices, networking equipment, components, software, and electronic backup facilities, including systems accessible through the internet, intranets, extranets, or virtual private networks.
Contingent Business Income is when you have suffered a financial loss because one of your IT vendors or supply chain partners has suffered a breach or covered loss.
Cyber Attack (Denial of Service Attack) is action preventing an information system from functioning in accordance with its intended purpose; the inability of an authorized third party to access the company’s Computer System; and the inability of an authorized third party to access his or her Computer System, where such inability is directly cause by the company’s Computer System.
Cyber Extortion losses and expenses arising out of a criminal threat to release sensitive information or bring down a system/network.
Cyber Incident Response -- coverage would be the cost associated with services and vendors triggered just because you have had a breach. These can include IT Forensic firms (to determine how the Bad Actors got in, what they did while in your network and what info they may have accessed or removed from your system [exfiltrated]), a Breach Coach (an Attorney who specializes in navigating the complexity of Cyber-attacks, their response, and your legal and contractual responsibility, Public Relations firms to manage your brand identity following a public disclosure, setting up a 24/7 call center for affected individuals, expenses for Notification of affected individuals, and offering ID Restoration and Credit Monitoring.
Damages/Loss includes the amounts the business is legally obligated to pay as a result of a covered judgment, award, or settlement; costs charged against the business in any suit; or pre-Indiana judgment and post-judgment interest and defense costs. It also includes punitive or exemplary damages where insurable by law.
Data Restoration Security Failure costs to restore lost data caused by security failure.
Data Restoration System Failure costs to restore lost data caused by system failure.
Denial of Service Attack is action preventing an information system from functioning in accordance with its intended purpose (see Cyber Attack).
Digital Data Recovery bad Actors can cause havoc to digital files and records and even network configurations – the coverage responds to the expenses to put your network and information back to pre-breach state.
Extra Expense means any reasonable and necessary expenses in excess of the business’s normal operating expenses that the business incurs during the Period of Restoration associated with restoring and resuming operations, including securing temporary third-party Internet Service Provider services, temporary website and/or email hosting services, rental of temporary networks, or other temporary equipment or service contracts.
First Party Claim a first party claim is brought by an insured under the insured’s cyber policyfor a loss that occurs because of loss or damage to the insured’s business.
Identity Restoration Services typically means consultation and assistance to an individual receiving notification services to determine whether identity theft has occurred, and, if so, to restore the individual’s identity to pre-theft status.
Invoice Manipulation in a business email compromise a bad actor can send your clients and vendors fraudulent payment instructions from your legitimate email address/outbox – If your business partner pays according to those fraudulent instructions, you could be out those monies because it originated from your legitimate email – you didn’t keep your network secure.
Media or Electronic Publishing Incident means the actual or alleged unintentional libel,slander, trade libel, or disparagement resulting from the insured electronic publishing. It also includes plagiarism, violation of privacy, infringement of a copyright or trademark, or an unauthorized use of titles formats, plots, or other protected material resulting from the insured’s electronic or media publishing.
Media Liability claim by third party in connection with the insured’s media content, which may include claim for trademark infringement, defamation, libel, product disparagement, copyright violation, or invasion of privacy.
Multi-factor Authentication MFA or more commonly referred to as Two Factor means something you know (for instance a username/ password combination) and something you have (a phone with SMS or authentication client).
Network/Computer System typically includes the computer hardware, software, and electronic data, as well as associated input and output devices, terminal devices, data storage devices, networking equipment, components, software, and electronic backup facilities, including systems accessible through the Internet, intranets, extranets, or virtual private networks.
Network Extortion this pays for the Ransomware Demand from Bad Actors, usually in a Crypto Currency.
Network Interruption – Contingent B loss of income arising from business interruption caused by third-party service failure (including mitigation expenses).
Network Interruption – Security Failure loss of income arising from business interruption caused by security failure (including mitigation expenses).
Network Interruption – System Failure loss of income arising from business interruption caused by system failure (including mitigation expenses).
Network Security Liability claim by third party arising from the insured’s failure of network security.
Network Security/Cyber Incident typically means any Unauthorized Access/Use of, or introduction of malicious code into, or Denial of Service Attack upon, the company’s Computer System, that directly results in an interruption in services, or the corruption of deletion of digital assets.
Notification expenses all 50 states have notification laws they will vary by state as to the requirements to notify customers if a data breach has occurred or is even just suspected.
Notification Services typically mean the preparation and distribution of notice letters from the insured advising individuals of the network security event and the availability of related resources if such notices are required by applicable law, as well as call center support services.
Payment Card Loss the Payment Card Industry can assess fines and penalties for harm done to their card holders because of your loss.
Period of Restoration is the period from which the business first suffered an interruption in service to the date and time it was restored (or could have been restored) with reasonable speed to substantially return to the level of operation that existed prior to the interruption. There is typically a limit on the policy that the period of restoration cannot exceed thirty days.
Personal Identifiable Information (PII) is information not available to the general public from which a person can be identified. This definition should be broad enough to include a person’s name, telephone number, Social Security number, medical or healthcare data, driver’s license number or state identification number, account number, credit and debit card number, or password.
Privacy Incident is the unintentional and unauthorized disclosure of Personal Identifiable Information or confidential information in the care, custody, or control of the business or service provider; a violation of a Privacy Regulation; or failure to comply with the term’s own privacy policies.
Privacy Liability – Business Records Claim by third party arising from the insured’s failure to protect trade secrets or other confidential business information.
Privacy Liability – Privacy Claim by third party arising from the insured’s failure to protect personal information (including PII, PHI and FAI).
Privacy Liability – Regulatory Claims third party liability coverage that generally is designed to protect an insured business in connection with certain requests for information, investigative demands and/or civil proceedings often brought by or on behalf of a governmental agency arising from the insured’s failure to protect personal information. The coverage often includes civil fines and penalties imposed on the insured, to the extent such fines and penalties are insurable by law.
Privacy Notification Costs are reasonable and necessary costs to hire a security expert to determine the existence and cause of a breach; costs to notify consumers under a breach notification law; or fees incurred to determine the actions necessary to comply with a breach notification law.
Privacy Regulation means statutes associate with the control and use of personally identifiable financial, medical, or other sensitive information.
Public Relations Expense typically means the hiring of a public relations firm or crisis management firm for communication services to explain the nature of the network security/cyber event and any corrective actions taken.
Regulatory Proceedings, Fines and Penalties – includes civil money penalties imposed by a federal, state, local, or foreign government entity pursuant to a regulatory proceeding.There are various State and Federal Laws governing a business responsibility following a breach. Regulators such as state Attorneys General or the Office of Civil Rights can and do investigate the handling of breaches
Regulatory Proceeding is an investigation of an insured by an administrative, regulatory, or government agency concerning a Privacy Incident, or an administrative adjudicative proceeding for a privacy Wrongful Act or network security Wrongful Act.
Regulatory Injury means injury sustained by a person due to actual or alleged disparagement of an organization’s products or services; libel or slander of natural person; or violation of such person’s rights of privacy or publicity result from cyber activities.
Reputational Harm Coverage – Some insurance policies will pay for the devaluation of a company’s brand value which occurs from a bad breach event.
Retroactive Date means the date in the declarations section of the policy. If no date is set forth in the declarations page, then the retroactive date is the date of the inception of the policy.
Reward Payment/Expenses/Cyber Extortion Costs means the reasonable amount paid by the business, with prior approval of the insurer, to an informant for information not otherwise available, which leads to the arrest and conviction of persons responsible for a cyberattack or threat covered under the policy.
Service Provider means a business the business does not own, operate or control, but that the insured hires and contracts to perform services related to the business’ computer systems, including maintaining the computer system; hosting the business’ internet website; handling, storing or destroying information and confidential materials; or providing other IT-related services.
Social Engineering usually called Phishing; this is the deceptive practice by a fraudster of tricking you to voluntarily part with money typically by sending an email pretending to be someone they are not.
Systems Failure sometimes a Computer Network can fail with the direct action of a breach, this coverage can pay for the expenses and costs associated with this non-breach failure.
Systems Upgrade some insurance policies will actually pay to put you in a slightly better security posture following a breach in an effort to bring a client up to today’s standards.
Technology Errors & Omissions claim by third party for financial loss arising from errors or omissions in the technology-facing component of the insured’s business (tech services or products).
Third Party Claim a third-party claim is a demand against the business for monetary damages or non-monetary relief; a written demand for arbitration; or a civil proceeding brought by the service of a complaint or similar pleading.
Unauthorized Access/Use is the use of, or access to, a computer system by a person unauthorized by the insured to do so, or the authorized use of, or access to, a Computer System in a manner not authorized by the insured.
Wrongful Act typically means the actual or alleged act, unintentional error, omission, neglect, or breach of duty by an insured business or Service Provider that directly results in a breach of the insured’s network.