Policy Guides

Search InfoCentral

Introduction

Cyber Liability and Information Security 

Remember the early 1990's when employment practices liability was the latest fad in insurance products? Now EPL is a mandatory offering to all commercial clients, and it's time for agents to move on to the latest product – Cyber Liability and Information Security.

Insurers have responded to the electronic revolution – and a few court decisions – by developing policies – generally known as Cyber Liability and Information Security policies – to provide first- and third-party coverages for exposures arising out of computer systems, web sites and email.

Some companies are offering similar coverages on endorsements to businessowners (BOP) and management liability policies. However, the coverages and options available on such endorsements are generally more limited than that found on standalone Cyber Liability and Information Security policies.

Commercial clients need the new policy forms because CGL and electronic equipment policies generally don't cover these exposures. While there is some duplication, many of the exposures covered by the new policies do not fit neatly into the insuring agreements of the other forms.
For example, an employee may send a customer an e-mail attachment containing a virus that destroys the customer's computer system, and the customer may sue for damages based on negligent virus transmission. Because the CGL covers property damage to tangible property, it arguably does not cover the loss of intangible data in a software system.

A Cyber Liability and Information Security policy may cover this exposure, as well as libel, trademark and copyright infringement, breach of confidence, inadvertent contacts, computer hacking and contingent liability arising out of the textual content on a Web site.

In addition, numerous federal and state laws and regulations have been enacted since the 1970s to protect the privacy of consumers' personal information stored on computer systems and transmitted via web sites and email. A Cyber Liability and Information Security policy may be designed to cover a commercial entity's legal responsibilities for unintentional disclosure of protected personal information, including expenses related to responding to such disclosure.

Finally, the customer's own computer system is subject to "destruction" by virus, malicious code and denial-of-service attacks, or threats to wreak such destruction or disclosure of personal information by outside parties, and such incidents may result in loss of business income and extra expenses to respond. A Cyber Liability and Information Security policy may be designed to cover these exposures, as well.


What You Will Find in This Section of InfoCentral

Summary of Covered Exposures reviews the coverages generally offered by admitted and nonadmitted insurers providing Cyber Liability and Information Security Policies in the marketplace. We reviewed policy forms used by seven different insurers and the ISO Information Security Protection Policy, and the 2013 Betterley Cyber/Privacy Insurance Market Survey Report (see below).

The Coverage Comparison Chart denotes the coverages available on the ISO Information Security Protection Policy and then summarizes other coverage options that may be available on policy forms offered by insurers. You can compare various forms by checking the boxes when the same or similar coverages are available.

Information Security Protection Policy (ISO)

A detailed analysis of the ISO Information Security Protection Policy follows the Coverage Comparison Chart. This analysis includes the following sections:

While it is unknown how many insurers (if any) are using the ISO Information Security Protection Policy form in Texas, this InfoCentral policy guide analyzes the ISO form and endorsements and uses this analysis as the basis for comparing forms used by other insurance companies.
The policy wording is displayed in the left-hand column and comments on the policy wording are displayed in the right-hand column. Where appropriate, the comments are followed by "Variations to Watch For," based on provisions found in forms offered by different insurers writing in Texas and analyzed for this purpose.

More Help is Available

The types of coverage offered and the scope of coverages provided varies significantly from one insurance company to another. Choosing the right policy for a customer requires an agent to identify the customer's exposures and match those exposures with the appropriate policy.

The International Risk Management Institute (IRMI) provides helpful resources on the Cyber Liability and Information Security market on a subscription basis, including the latest 137-page Betterley Cyber/Privacy Insurance Market Survey. This report surveys the products offered by 26 different insurers with charts providing detailed information on coverages offered by the insurers.

IRMI offers limited information to non-subscribers on its web site, including: