Cyber risk is new but it is not totally different from other risks you experienced everyday. Cyberspace functions similarly as in our physical world in many ways. We can understand cyber risk protection by referring to car insurance. In a car accident, there are a few parties involved and each is protected by different types of insurance. First, the driver who is in control of the vehicle is covered as the first party insurance. Third party insurance is referring to the protections on passengers or pedestrians. If the accident is caused by a faulty design or product defect, the car manufacturer is responsible for the harm caused. The risks owned by car manufacturer is called product liability.
In cyberspace, when a data breach occurs, there are also a few parties involved. The data processor that is in control or responsible for guarding the data, is the first party. The data subject who is the person described by the data, is the third party. Take an example, when passport number is accessed illegally from a hotel operator (like in the recent Marriot case), the data subject is the hotel guest.
First party liability insurance is popular and it is directly related to the loss or impact experienced by the data processor. First party liability insurance coverage is designed to limit loss and provide the following protections:
1. Business Interruptions
When the business is not able to operate as normal, this covers the loss of income and extra expense arising out of the interruption of network service. For example, DDoS attacks.
2. Asset Loss Protection
Covers cost to replace, restore or recollect data which has been corrupted or destroyed as a result of security failure. Cost to restore data from backup storage is one of the examples.
3. Security Failure Notification Loss (Privacy Breach)
Coverage offers reimbursement for compliance/regulatory expenses incurred under personal privacy and identity theft regulation.
4. Crisis Management (Privacy Breach):
Coverage offers reimbursement of expenses on hiring breach experts (Attorney, Public Relations, Forensic Specialist) to assist with resolving data breach, notifying insureds and identifying cause of breach.
The scope of protection coverage varies from different insurance companies. Hoplite Technology maintains a constantly-updated comparison table covering major cyber insurance products in the market. Contact us if you would like to sign-up to our email update.