Originally posted September 25, 2013 by Anya Khalamayzer on http://www.propertycasualty360.com
Cyber attack is a top concern for businesses in 2013, with 85 percent of corporate executives naming it their greatest risk, trumping loss of income (82 percent) and property damage (80 percent), according to a recent AIG survey.
Of 258 executives polled by market research firm Penn Schoen Berland for the study, three-quarters say legal compliance issues are making their organizations think more about cyber risks.
The majority (80 percent) of executives and brokers say they find it difficult to keep pace with information regarding cyber threats. However, the Insurance Information Institute (I.I.I.) points to a Zurich study stating less than 20 percent of companies purchase cyber insurance to protect themselves against this increasingly common cause of loss.
Here is an alphabetical guide to the types of coverage available for damages received on cyber turf, as described by the I.I.I.
Business Interruption – Covers loss of business income as a result of an attack on a company’s network that limits its ability to conduct business, like denial-of-service. The coverage may include extra expenses for forensic procedures and loss of income from dependent business interruption.
Business Owners Policy (BOP)—May cover loss from computer viruses and harmful code, but could be excluded if caused by intentional actions by a company employee.
Cyber Extortion – Covers the settlement of an extortion threat against a company’s network and the cost of hiring a specialty security firm to investigate and negotiate with blackmailers.
Crisis Management – Insures the expense of hiring a PR or advertising firm to bolster a company’s reputation after a cyber incident, as well as notifying consumers of a breach of private information and providing credit-monitoring or other remediation services after a data leak. According to AIG, more than two-thirds of executives and brokers believe a company’s reputational risk from cyber attack is greater than financial risk.
Criminal Rewards – Covers the cost of posting a criminal reward fund for information leading to the arrest and conviction of a cyber criminal who has attacked a company’s computer systems.
D&O/Management Liability – Can be specifically-tailored to cover cyber liability risks faced by directors in various industries.
Data Breach – Covers the expenses and legal liability resulting from a data breach. Policies may also provide access to services helping business owners to comply with regulatory requirements.
Identity Theft – Provides access to an identity theft call center in the event of stolen customer or employee personal information.
Liability – Covers defense costs, settlements, judgments and, sometimes, punitive damages incurred by a company as a result of breach of privacy due to data theft from credit cards or health information; transmission of a computer virus that cause third-party loss; failure of network systems that are essential to third parties; and allegations of copyright, trademark infringement or defamation activities on the company’s website or banner ads posted on other sites.
Loss/Corruption of Data – Covers damage to, or destruction of, valuable information assets as a result of viruses, malicious code and Trojan horses.
Property—Traditional property policies may cover cyber incidents that result in damage arising from a covered loss cause such as a fire, which might be inflicted by an act of cyber terrorism.
Social Media/Networking – Policies in this emerging field provide coverage for exposure for defamation, advertising, libel and slander on social media forums. Umbrella or excess liability policies may provide broader protection on claims against the insured for libel and slander, or plans with higher liability limits.