Cyber insurance is designed to protect businesses and individuals from the risks associated with online activities. Specifically, losses related to data breaches, network security failures, ransomware, and cyber-attacks. Cyber policies can vary widely in terms of coverage, limits, and exclusions, so it’s important to carefully review the policy with your broker (and legal counsel, if desired) before purchasing to ensure it meets your specific needs.
A hospital’s computer systems were shut down when a ransomware attacker sought $500,000 worth of Bitcoin to restore access. The hospital could not bill any health insurance carriers, MRIs and CT scans were disrupted, the payroll system went down, and they had to resort to paper mode to chart and monitor patients. As a result, the hospital paid more than $700,000 for forensics, data recovery, business interruption and crisis management.
A hacker gains access to a company’s database containing sensitive customer information, including names, addresses, and credit card numbers. The company is required to notify affected customers and provide credit monitoring services. The cyber policy may provide coverage for the costs of the investigation, notification, and credit monitoring services, as well as any legal liabilities resulting from the breach.
A company employee receives an email from what appears to be the company’s CEO, instructing them to wire funds to a vendor. The email is actually from a fraudster spoofing the CEO’s email address. The company wires the funds and later discovers they have been scammed. The cyber policy may provide coverage for the lost funds. Coverage for this type of event is typically sublimited, though the amount can vary by carrier and insured.