Cyber Coverage 101

What exactly does a cyber policy include for a law firm? “That’s the million-dollar question because every cyber policy is different,” says Coalition CEO/co-founder Joshua Motta. “There is no standardized policy language. That’s why it’s important to work with a carrier that understands this risk, and whose policy will respond to all possible loss scenarios. Not all policies are created equal.”

Cyber forms and coverages are still evolving, so it’s important to review the actual policy to ensure that the coverage provided meets the needs of the insured.

Some first-party coverages include:

Incident Response Costs

The legal fees and expenses associated with computer forensics, breach notification, and identity monitoring when a security breach occurs.

Cyber Extortion

Money (or cryptocurrency) paid as a result of threats made to destroy data, attack a computer system, or disclose electronic computer information.

Business Interruption

Loss of income and the expenses to restore operations as a result of a computer system disruption caused by a virus or other computer system attack. Contingent business interruption is available to provide coverage when such a disruption occurs to a third-party service provider, such as a website hosting company, rather than to the insured’s own network.


Loss of money or securities as a result of a computer fraud, funds transfer fraud, or social engineering.

Typical third-party coverages include:

Network and Information-Security Liability

Coverage for claims arising from unauthorized access to data, failure to provide notification of a data breach when required by law, or transmission of a computer virus from the insured’s network.

Communications and Media Liability

Coverage for claims from copyright infringement, defamation, libel or slander in electronic content.

Regulatory Defense Expenses

Coverage for claims by government agencies as a result of network and information security liability or communications and media liability.

More recent additional cyber protections include:

System Failure

Extends business interruption coverage to computer system disruptions caused by any unintentional or unplanned outage of a computer system, not only those caused by viruses; and

Reputational Harm

Lost profits to an insured resulting from damage to its reputation caused by a data breach.

Additionally, many policies offer coverage against physical perils that may be caused by a cyber event, such as bodily damage, destruction of property or pollution. An example would be a manufacturer that gets hacked and has its entire inventory destroyed when cooling systems are turned off remotely or sprinklers are turned on.

Source: Property Casualty 360 Magazine – September 2018 Issue