There are a wide range of insurance products within the generic umbrella of
Exclusions: A good place to start understanding what your policy covers.
Having a clear understanding of what your Cyber Risk policy doesn’t cover is as important as understanding what it does cover. Some of the prominent exclusions to coverage contained in Cyber Risk policies are summarized below. It’s important to be mindful a policy’s exclusions do not always appear in the Exclusion section. Many insurance policies often imbed coverage limitations in other parts of the policy, such as within the Definitions section. Similarly, policy exclusions sometimes contain carve-backs or exceptions to the exclusion which typically make a portion of an exclusion inapplicable, thereby expanding coverage under specifically defined circumstances.
Some typical exclusions are:
•Claims involving the recall, replacement, repair or supplementation of the Insured’s product or service.
•Claims alleging software failure involving software that is in a test phase or not in general commercial release.
•Claims involving fee disputes.
•Claims involving electrical, mechanical or telecommunication failures or interruption, unless the failure was caused by the Insured’s covered wrongful acts.
•Claims alleging invalidity, misappropriation or infringement of a patent, trade secret, copyright, trademark or service mark unless arising from electronic publishing activity.
•Certain proceedings brought by federal, state or local governmental agencies, licensing authorities, or rights organizations, except for network security or privacy-related claims.
•Claims alleging unauthorized collection of personal data of third parties with the knowledge of the Insured’s principal partner, director or officer is imputed to other Insured individuals and/ the entity.
Readers should not be left with the impression that these policies don’t cover much. Quite the contrary, these insurance policies provide very broad and valuable coverage. The definition of “Wrongful Act” as found within one of the more prominent Cyber Risk policies states: “…means any error, misstatement, misleading statement, act, omission, neglect, breach of duty, or Personal Injury offense actually or allegedly committed or attempted by any Insured in their capacity as such:” That clause is followed by a litany of coverage triggers including but not limited to: “failure of the Insured’s
IT professionals provide a variety of
The Checklist – Does Your Policy Cover…?
•Is Defense fully covered without any allocation of defense costs between covered and non-covered claims if at least one covered allegation is asserted?
•Does Data Breach coverage include both first-party and third-party expenses?
•Does Privacy Coverage apply to third-parties such as customers and employees of the Insured?
•Does the policy provide Expense Coverage for complying with Consumer Privacy Notification regulations and credit monitoring expenses?
•Are costs of retaining public relations or crisis management firms and / or law firms in the event of a privacy breach event covered?
•Are Data Breach claims subject to deductibles, retentions or co-insurance?
•Are regulatory fines, pre-judgment and post judgment interest covered?
•Does Business Interruption coverage include costs to enhance information assets beyond their pre-loss status?
•Are consequential damages covered?
•Is Contractual Liability covered if liability exists in the absence of the contract?
•Does the policy’s definition of Legal Proceedings include arbitrations?
•Is Additional Insured coverage available if required by contract?
•Are Independent Contractors covered if the claim is also brought against an Insured?
•Are Defense Expenses covered for Deceptive or Unfair Business Practices unless a final adjudication is rendered adverse to the Insured?
•Will the policy provide defense coverage for claims seeking solely injunctive relief?
•Does the policy offer an option to include Professional Liability Coverage?
Whether the IT enterprise is a small, medium or large firm, when losses arise relative to the scope of their respective contracts, they can have a devastating effect. Before even considering the potential economic damages, one must consider the cost of defending a technically complex claim. Without proper insurance, those defense costs can be enough to cripple most IT service providers, or certainly put severe stress on a company’s profitability. In addition, there are public relations consequences and other related expenses that may be incurred in connection with such claims.