First party covers

A typical cyber insurance policy will include the following first party coverage for your business:

• Cyber incident response / breach response: The provision of, or cost of, cyber security advice and forensics. This is for an initial assessment as to the existence of a cyber event, determining the nature of the event, and controlling the impact of the event.
• Legal and regulatory: The provision of, or cost of, specialist legal teams to advise on any legal obligations. The team will draft any legal documents and notify any relevant bodies, as well as assist with any regulator investigations.
• Crisis communication: The provision of, or cost of, specialist PR teams to get suitable announcements out for damage control.
• Security and forensic investigation: The follow up provision of, or cost of, security or forensic consultants to fully assess the source, size and spread of any cyber event. These consultants will provide a forensic report as needed for a regulator. This also includes the provision of advice and guidance to mitigate loss or damage and to contain and remove any malicious software installed.
• Business Interruption for system downtime: Reimbursement of reduced profits directly caused by a cyber event, usually including an allowance for increased cost of working (ICOW). Additional increased cost of working (AICOW) may be available. ICOW covers those increased costs of working that are not more than the loss of revenue that would occur if the increased costs were not paid. AICOW covers those costs that would exceed the resulting loss of revenue.
• Business intelligence for reputational harm or damage: Reimbursement of reduced profits caused by reputational damage following a cyber event, for example, the loss of clients or orders.
• Dependent business Interruption: Not all cyber policies provide this, though for many businesses it may be invaluable. If you suffer a loss of profits, or ICOW, as a result of a supply chain partner suffering a sudden outage, dependent business Interruption cover reacts to reimburse the reduction of profit or ICOW. A supply chain partner could be outsourced IT, a cloud storage provider, software as a service provider, etc.
• Claim preparation costs: The sums incurred in producing an assessment of a cyber event.
• System damage / loss of or damage to data/software: Reimbursement of costs incurred to reinstate or repair data files and records, such as overtime or outsourcing. This also includes the cost to repair or replace software programmes.
• Breach notification costs / privacy breach notification costs: The cost to produce and issue digital or written notices following a cyber event. This also could include the cost to set up a call centre to manage calls to allow your business to focus on normal operations as best as possible.
• Credit monitoring costs: The cost to provide credit monitoring services and ID theft protections to affected individuals following a cyber event.
• Remediation costs: Provision of, or cost of, a cyber security expert or incident manager to mitigate and minimise future threats; this could include a system assessment, improvement recommendations, staff training, etc.
• Hardware replacement costs: Reimbursement of costs to replace damaged hardware `beyond economical repair, as the result of a cyber event.

eCrime / Crime (commonly referred to as Social Engineering)

A typical cyber insurance policy will include the following eCrime / crime coverage for your business (this is perhaps one of the most important covers, and perhaps surprisingly it is not always included as standard under a cyber insurance policy):

• Ransom / extortion payments: The cost of / reimbursement of ransom payment(s) made following a cyber event, such as a ransomware attack.
• Funds transfer fraud: The reimbursement of funds transferred from client bank by a threat actor, or following a social engineering attack leading to the transfer of funds to an unintended third party. May include third party funds in escrow (a neutral third party holding assets or funds before they are transferred from one party in a transaction to another) by the insured. This typically includes losses arising from vishing scams - phone calls with just enough vague detail to get the victim to trust the caller (‘I’m calling from your bank…’) or smishing scams – fraudulent text messages, usually with a link embedded.
• Push payment fraud: The cost to reimburse clients that have been directly manipulated into sending funds to a threat actor, who are / were impersonating the insured (through fake websites / manipulated invoices, etc), and the costs to avoid future loss (client notifications and removal of fake websites, etc)
• Telephone hacking: The fraudulent use of phone systems to call premium rate phone numbers belonging to the threat actor.

Third party covers

A typical cyber insurance policy will include the following third-party coverage for your business:

• Network security liability: Legal liability to others following a cyber event, including transmission of virus or malware to a third-party system, loss of third-party or employee personal data leading to ID theft.
• Privacy breach defence / liability: Legal liability to others following a cyber event resulting in, for example:
  • Disclosure of personally identifiable information, payment card information or protected health information.
  • Damages that are the result of failure to warn or notify affected individuals.
  • Damages that are the result of unauthorised access to data held.
• Payment Card Industry (PCI) fines and assessment costs: The costs to respond to a PCI assessment, and the payment of fines imposed (where legally insurable) following a payment card breach.
• Multimedia liability: Legal liability to others following accusations of libel / slander / emotional distress, etc, arising from media content which the insured is responsible for. This may include legal liability for infringement of any intellectual property rights, such as a copyright or trademark.

Cyber insurance from Towergate

The information in the article summarises typical covers, and not every policy provides all these benefits, which is why it is important to talk to a cyber insurance broker for advice about protection for your business.