Coverage for notification costs, forensic costs, legal expenses, and crisis management in the event of a
data security or privacy breach.

Example: Your database containing customer payment information gets breached. The insurer will pay
for security forensics of the breach, and for notifying affected customers about the breach.

Inside: Covered costs associated with recovering a breach count against the policy’s aggregate limit.

Outside: Covered costs associated with recovering a breach do not count against the policy’s aggregate limit.

Example: You have a policy with an aggregate limit of $1M. One day, you suffer a data breach, and your insurer spends $50,000 on notifying customers about their breached data, as required by law. If your policy’s breach costs are inside the limit, then you have $950K of coverage remaining. If your breach costs are outside the limit, then you still have $1M of coverage remaining.

Coverage for costs to replace hardware if it becomes unusable due to a cyber event. (Useless hardware may be colloquially referred to a “brick”.)

Example: A virus breaks your computer. The insurer will pay to replace it.

Coverage for lost revenues or expenses incurred due to an interruption or outage of an insured’s systems caused by a cyber security breach. This coverage usually has a waiting period of downtime that you must endure before you are allowed to file a claim, and an indemnity period that is the longest amount of downtime that will be covered.

Example: You have business interruption coverage with a four-hour waiting period. A cyber attack leaves important servers offline, so you cannot do sales during that time. The insurer will cover both the revenues lost due to downtime after four hours, and the costs to put the servers back online.

Also known as the insurer, this is a company that issues an insurance policy.

A request from an insured to a carrier for indemnification of losses due to an event covered by an insurance policy.

Also known as a subjectivity, this is a requirement that must be fulfilled by the insured to be covered by the policy.

Coverage for lost revenues or costs due to Business Interruption as a consequence of third parties suffering outages that prevent the insured from generating revenue or operating normally.

Example: The vendor managing your IT system has downtime due to a cyber attack. Consequently, you cannot process new sales. Your insurer will reimburse you for those lost revenues.

An amendment added to an insurance policy that changes some of its terms.

The party that is insured by an insurance policy. A policy may have many insureds.

The act of restoring an insured to their original financial position prior to a loss covered by a policy. It makes the insured whole for damages incurred.

Coverage for losses due to customer invoices being fraudulently sent or modified.

Example: A criminal gains access to an employee’s email account, and sends a legitimate-seeming invoice to one of your customers. The customer pays the invoice to the criminal, while your company does not get paid. The insurer will cover the net financial loss to you.

Coverage for expenses incurred in an alleged privacy or data breach, such as remediation and defense/damages in the event of litigation due to the breach.

Example: Your customer database is breached and your customers’ passwords are leaked. A customer consequently suffers damage and sues you. The insurer would cover the costs of your litigation defense.

Coverage for damages due to the publication of media material (text, sounds, images, etc.) that results in allegations of defamation, slander, trademark or copyright infringement, etc.

Example: Your company changes its logo. Another company alleges that your new logo infringes on their trademarked logo. The insurer would cover any legal costs in defending your new logo.

Also known as Data Security Standard (“DSS”), this is coverage for losses (defense costs and corresponding fines and penalties) due to any alleged or actual noncompliance with PCI security standards.

Example: Your company accidentally stores some customer credit card numbers in an insecure way. Those numbers become leaked to the public, and some customers suffer damages. The insurer would cover those damages, as well as any additional fines that are assessed.

Also known as the term, this is the time period for which the policy is active. Losses incurred while the policy is active may be submitted as claims. The term begins on the “effective date” and ends on the “expiration date.”

The owner of the insurance policy. Usually, the policyholder is also the insured under the policy.

The amount an insured must pay an insurer to be covered by a policy.

Coverage for legal defense and civil fines or monetary penalties that an insured may be required to pay if investigated by a regulatory authority following a cyber event.

Example: Your customers’ sensitive data is leaked to the public. A government agency investigates you to assess if you have complied with all applicable privacy/data storage requirements. They find that you have not, and you are fined. The insurer would cover any legal defense costs, as well as the fine.

Coverage for lost revenues or expenses incurred due to an adverse media event following a cyber attack.

Example: Your corporate LinkedIn is taken over by a hacker and defaced with offensive messages. The insurer would pay for a public relations firm to remedy the situation, and for any lost revenues if sales decrease because of the defacement.

The amount an insured must pay toward any loss before the insurer begins providing coverage under a policy. (This is like a deductible, except that retentions do not decrease the limit of coverage available.)

Example: If you have a one-year policy with a $1M aggregate limit and a $5K retention, and you have a claim for $700K, then you are paying $5K out of pocket, and the insurer is providing $695K of coverage. There remains $305K of aggregate limit that the insurer would have to pay toward any other claims that year.

Coverage for losses due to criminals deceiving the insureds’ employees into taking damaging actions, such as initiating payments to fraudulent actors.

Example: An employee wires a vendor after receiving an urgent email from the CEO about payment being overdue. It turns out that the email was not from the CEO but from an impersonator. The insurer will cover the loss.

The maximum total amount a carrier will pay for a specific type of loss under the terms of the policy. Sublimits for some individual coverages may be lower than the aggregate limit.

Example: If you have a one-year policy with a $1M aggregate limit and a $250K sublimit on the bodily injury coverage, and you have a claim for $100K in a bodily injury event and a claim for $400K in another bodily injury event, then the insurer would only provide $250K of coverage.

An insurance product that is not “admitted” with the department of insurance in the state in which it is being sold. A surplus lines product may only be sold by a licensed surplus lines broker.

Any insurance quotes on GetCyber are provided by an insurance broker licensed for surplus lines in all 50 states and the District of Columbia.

Coverage for lost revenues or expenses incurred due to an outage of an insured’s systems for any reason (not limited to cyber security breaches).

Example: A software update for employee workstations malfunctions, and those workstations are rendered unusable for a day. The insurer may cover costs of restoring the workstations, and any losses due to these employees being unable to perform work for that day.