A crime victim will need a deep bench when responding to a cyber incident. While the role of brokers, privacy counsel and forensic investigators is well understood, the contribution of insurance claim professionals cannot be overlooked.
A victim may have a number of questions during the initial stages of a cyber incident. However, without fail, we often hear the same question in the initial stages of response to a cyber event: Is this covered by my insurance?
The “big question” comes early and arises because the insured is facing a difficult situation that directly impacts their business in addition to trying to work through what may be unfamiliar coverages of a cyber insurance policy.
Many victims have never faced a cyberattack until this point, let alone worked through insurance coverage for such an attack. Claim professionals play a vital role in informing the insured about available coverages and providing the insurer’s coverage position. And the “big question” about insurance coverage can only be answered by claim professionals who are familiar with both cyber incidents and cyber policies.
To answer the “big question,” claim professionals will need to understand the types of coverage provided by cyber insurance.
In general, insurance policies provide either first-party insurance coverage or third-party liability coverage. First-party insurance policies provide coverage for losses the named insured sustains to their own property. The classic example is a fire insurance policy paying to rebuild an insured’s home after a fire loss. On the other hand, third-party liability insurance policies provide coverage for liability resulting when another person makes a claim against the named insured. Here, the classic example would be a commercial general liability policy providing coverage for bodily injury or property damage allegedly caused by the named insured.
Hybrid Characteristics
Cyber insurance policies are unique to the extent that they typically provide a hybrid of both first-party coverage and third-party liability coverage. The hybrid properties of cyber insurance policies require claim professionals to approach the documentation and management of cyber claims differently from claims under traditional lines of insurance.
The hybrid characteristics arise from the unique risk presented by a cyberattack. A cyberattack may expose an insured to first-party claims related to losses sustained in investigating the attack, restoring systems after the attack, negotiating with the criminals who launched the attack and working with regulators if personal information was exposed during the attack.
