A specialized cyber-risk insurance policy is necessary. Coverage would not usually be triggered under a commercial general liability policy–many of which also have exclusions. Importantly, property-damage policies typically do not acknowledge “data” as property.
“Cyber liability” is essentially comprised of two defined risks:
- Security Liability: the unauthorized access and/or use of a network. Employees or others with access to the network can misappropriate identity information, business secrets, transmit malicious codes, and undertake a denial of service attack against your network or other networks.
- Privacy Liability: the breach of personal data protection laws that allow individuals to control the collection, access, transmission, use, and accuracy of their personal information.
The available policy coverage options start with General Internet Crime Liability. This addresses the first and third party risks associated with e-business, the Internet, networks and informational assets.
However, it is critical to review your business activities to ensure appropriate coverage. To this needs to be added appropriate Property, Directors and Officers, Business Interruption and Fidelity wordings. For those businesses offering software and services susceptible to outage or malfunction associated with a cyber-attack, Electronic Errors and Omissions coverage should also be obtained.