TYPES OF DATA BREACH COSTS:

CRISIS SERVICES

LEGAL SETTLEMENT

REGULATORY DEFENSE

PCI FINES

LEGAL DEFENSE

SECTION A: NETWORK SECURITY LIABILITY

  • This section addresses coverage for legal defense costs or sums owed to a third party stemming from transmitting malware, a denial of service attack to a third party’s systems, failure to prevent unauthorized access of information stored on your computer systems, or identity theft costs.
  • Claims Example: A hacker accesses an employee’s email address and sends out a virus to their email entire client address book, destroying a client’s system. This would be coverage to repair the client’s systems and defense costs if it moves to court.

SECTION B: PRIVACY LIABILITY

  • This section addresses defense costs or sums owed to a third party as a result of exposing sensitive information.
  • Claims Example: A hacker steals personally identifiable information on a businesses’ clients all over the United States. To comply with each state’s privacy regulations, a lawyer is brought in to figure out how to properly notify each individual depending on their domiciled state. Time, postage, and legal costs can begin to amount quickly.

SECTION C: MANAGEMENT LIABILITY

  • This section addresses coverage for the costs that a senior executive officer becomes legally obliged to pay as a result of a cyber event.
  • Claims Example: In the event of a cyber attack, the blame can be pointed at the board of directors for not putting a comprehensive security program in place.

SECTION D: REGULATORY FINES

  • This section addresses coverage for the defense costs, fines, and penalties in a regulatory investigation.
  • Claims Example: Governmental, regulatory, law enforcement, professional or statutory body’s all regulate privacy and can go after a business in a cyber event.

SECTION E: PCI FINES, PENALTIES AND ASSESSMENTS

  • This section addresses coverage for fines, penalties, and card brand assessments including fraud recoveries, operational reimbursements, non-cooperation costs and case management fees owed to an acquiring bank or payment processor as a result of a payment card breach.
  • Claims Example: In the event credit cards are stolen, a business can be liable to pay an acquiring bank or payment processor card re-issuance costs, fraud costs, and PCI pay fines/penalties.

Source: Net Diligence 2016 Cyber Claims Study

Note: this information is presented for your convenience, but in no way does it alter the actual contract(s) of insurance. For coverage details, please refer to the policy(ies) for actual language. In the event of conflicting statements, the policy conditions supersede this document.