10 costs your cyber insurance policy may not cover (unless it’s with Coalition)

by Joshua J. Motta.

Dark Reading, long one of the most widely-read cyber security news sites on the web, recently ran a story warning of the “10 Costs Your Cyber Insurance Policy May Not Cover.” We noticed this as well. Most cyber insurance policies simply do not cover many of the real-world risk exposures companies face as they embrace technology (and all of its consequences). This is one of the reasons why we founded Coalition: to create a holistic solution to cyber risk, including the broadest insurance coverage available. Naturally, this article caught our attention and we were curious to see how Coalition would measure up.

Here goes:

1. Sales loss during downtime

According to the article, many cyber insurance policies do not cover lost profit in the event of a business interruption event. The interruption of an e-commerce retailer during the year’s busiest day, Cyber Monday, is used as an example, with a cyber insurance firm quoted as stating that “[t]he clear net income [loss] could be ten times the annual average but no policy will cover that.”

Except when a policy does cover it. Coalition’s Business Interruption coverage includes lost profit (or even the net loss that would not have been incurred) as well as continuing normal operating expenses, including payroll. Coverage is provided for both security failures and system failures. And if the interruption happens during a period of abnormally high sales volume such as Cyber Monday, this is also covered. We cover the actual anticipated loss, not an average.

2. Losses incurred before a 'waiting period' ends

Business interruption coverage comes paired with a time-based deductible referred to as a “waiting period.” As the article points out, only business interruption losses after the waiting period are generally covered, and these waiting periods can be set at “around 10- to 12 hours.” In other words, in the event of an outage, a company would be out of pocket for 10 to 12 hours of loss. That can add up, especially on a busy shopping day like Cyber Monday.

Coalition, on the other hand, offers a waiting period of as low as 1 hour (and no higher than 8 hours). More importantly, once a waiting period is met, we cover losses from the very start of the interruption, subject to the policy deductible. Not only does Coalition’s coverage kick in faster, our policyholders know that all of their business interruption losses are covered (even on Cyber Monday), not just those incurred after a waiting period.

3. Third-party mistakes

The article further warns that “[s]ome cyber insurance policies extend coverage to third-party providers, but many do not.” If you use a third party to provide e-mail, cloud services, web hosting, customer relationship management, or any number of other functions companies routinely deploy with third parties, this is a big deal.

This one’s easy. Coalition’s coverage extends to all computer systems and hosted applications that are operated by a third-party vendor. Use Gmail or Office 365 for email or office productivity? No problem. GoDaddy or Amazon Web Services for your website and cloud applications? That’s covered too.

4. New Hardware

Most cyber insurance policies “typically don't cover property damage or hardware replacement.” According to the article, this “can be problematic if the data or hardware is so corrupt that it's more efficient to purchase new hardware and toss the old machine.”

By this point you may sense a pattern emerging: while most policies don’t cover this, we do. We created “Systems Integrity Restoration” coverage for this precise purpose. Coalition will cover the cost of new computer systems (spoiler: including upgrades) where the firmware of the machine is corrupted. Check out our coverages page for more information.

5. Software Upgrades

“Traditional cyber insurance policies typically don’t cover new versions of software…” If a business were to experience a cyber attack, most policies will only help restore the company back to where it was before the attack (old software and all), even if it has depreciated.

This isn't the case with Coalition. We allow our policyholders to restore computer systems and software with the most current, upgraded versions so long as the cost is substantially equivalent to the original cost of the computer system. Thanks to Moore’s Law, the same dollar you spent several years ago now buys a much better system today.

6. Social engineering

According to the article, “Business email compromise (BEC) attacks, in which executives are tricked into wiring money into outside accounts, and other forms of social engineering are not typically covered under most cyber insurance policies.” Take it from us, this is one of the most significant and severe issues facing most businesses. According to the FBI, over $3 billion in losses from BEC attacks were recorded in 2015 alone.

By now you probably guessed it: social engineering and computer crime are both covered by Coalition’s “Funds Transfer Fraud” coverage, at full policy limits.

7. Bodily injury or property damage

There is a growing realization that cyber attacks can have very real and tangible consequences. Dark Reading notes that “[t]he issue is becoming bigger as we move into the ‘Internet of everything’ [where] increasingly connected objects have opportunities to cause physical damage or bodily injury.” This may sound outlandish, but consider a modern manufacturing firm. Most are entirely run on computers; and not just the manufacturing itself, but distribution, shipping, etc. If a cyber attack were to disrupt any part of this process, it’s easy to imagine manufacturing defects, or goods spoiling on trucks.

Coalition readily offers coverage for these exposures. This includes coverage for bodily injury and property damage, but also pollution. When we say the broadest coverage available, we mean it.

8. PCI fines

When a company is hit with a credit card breach, cyber insurance policies typically cover the process of notifying customers and regulators. However, Dark Reading warns that many cyber insurance policies “...do not cover fines and penalties issued by the Payment Card Industry, which imposes its own fees following breaches.”

This is why we specifically offer “PCI Fines & Penalties” coverage, which provides coverage for the direct monetary fines and assessments for fraud recovery, operational expenses including card reissuance fees and notification of cardholders, and case management fees owed by our policyholders.

9. Reputation damage

One of the most significant risks facing companies in the event of a data breach or cyber attack is reputational damage. However, most cyber insurance policies don’t offer such coverage as a result of the difficulty of quantifying the loss.

We are not most insurance companies. Coalition offers coverage for “Reputational Repair”, which covers the costs of public relations, media purchasing, and other related costs to mitigate harm to your reputation. We also provide, by endorsement, coverage for Reputational Harm Loss: the consequential business interruption loss, or loss of profits, you experience as a result of harm to your brand.

10. Loss from account takeover schemes

The final costs that go uncovered by many cyber insurance policies are losses resulting from the unauthorized access of your bank accounts. In such an event, your bank will often not provide coverage, and neither will most cyber insurance policies, according to Dark Reading.

We’ve tallied the score, and we’re a solid 10 for 10. Coalition’s “Funds Transfer Fraud” coverage provides broad coverage for such fraud, whether it results from social engineering or another form of unauthorized access.

tl;dr

  • Not all cyber insurance policies are equal, and many don’t cover common exposures, as Dark Reading artfully points out.
  • When purchasing cyber insurance, be sure to carefully review all coverages and policy language. We also recommend that you consult with an experienced insurance broker.
  • Coalition offers comprehensive coverage for the cyber risk exposures facing businesses, including all of the 10 costs Dark Reading warns about, even where many other policies do not.

If you’d like to learn more about Coalition, and how our holistic approach to cyber risk can help you or your customers, we’d love to hear from you!

This article is meant to provide a summary only. Please read our policy for all coverages, terms, exclusions, and conditions.