1st party defense/liability is the defense cost of covering the insured when held responsible for the data breach.
For example, by luring a user to click an unsuspecting link of attachment, hackers can penetrate a firm’s computer system to access client data, read email messages, and appropriate emails and other programs.
3rd party defense/liability is the defense costs of covering any third party responsible for the breach.
For example, when major retailers had massive breaches back in 2013, it was found to be the fault of third party HVAC vendor doing work for the retailer.
The privacy regulations are fines or penalties that you could face from PII (Personally Identifiable Information) being exposed.
For example, failure to secure your clients social security numbers could make you accountable for not protecting PII.
A fraud response expense is the identity theft, credit monitoring, or other crisis management services available for affected personnel on your team.
Public relations expenses are the costs a company incurs to hire a public relations firm to help navigate a breach.
When a firm’s data is breached, a forensics expert is hired to investigate the breach and gather evidence needed to prove the who, what, where, when, why and how.
Unfortunately, data breaches require a firm to defend the insured and to council the parties involved in the event.
The notification and credit monitoring expenses are the cost of notifying affected individuals following a security event, privacy event, social media event or breach of privacy regulation. Typically, this includes coverage for credit monitoring services for the affected individuals.
PCI-DSS fines are any fines or penalties that an insured firm faces resulting from non-compliance with payment card industry-data security standards rules.
If an insertion of malware on computers hardware or software prevents the insured’s ability to access their data until a ransom is paid to the perpetrator.
Ransomware pays the coverage for payment of a ransomware attack against you.
Say for example, someone hacks into your checkin account and steals money or conducts a fraudulent wire transfer.
Coverage for this provides for stolen monies or physical assets.
Imagine someone in your company falls for one of the many bogus emails that make it to their inbox. They give out sensitive information or they click a link from an impersonator, opening your entire organization’s data to hackers.
Social engineering is when people are manipulated into breaking security practices. Coverage only applies to the financial element of the actual social engineering loss.
In this example, a hacker uses your organization’s telephone number to robo dial thousands of long distance numbers, thus causing your firm’s telephone bill to skyrocket.
This coverage is provided for utility fraud.
If a ransomware attack locks employees out of their computers, preventing them from carrying out important correspondence and invoicing, then they are experiencing business interruption and recovery.
By definition, they are a company’s own losses of income and rectification costs from network interruption or following a breach.
This is the liability arising from advertising and intellectual property risks, like a website.
Reputational damage is the business income loss arising from loss of services contracts and reductions in brand value following a cyber event.
Data replacement and recovery is the cost to restore, re-collect, or replace data including expenses for materials and working time.
If a third-party remote workspace platform that a company relies on has an outage, this results in interruption and financial loss for the company.
Your company’s losses and rectification costs from a loss sustained in connection with cloud computing interruption.
Crypto-jacking is the unauthorized access or use of a computer system to mine for Digital Currency that directly results in the additional costs that your company incurs for the increased utility costs.
Invoice manipulation is the release or distribution of any fraudulent payment instruction to an unauthorized third party who accesses your network and provides that instruction.
These are the costs to replace or repair hardware directly impacted by a cyber event.
For example, if a malicious software causes multiple computers to be considered untrustworthy your IT team may recommend replacement, even after the software is removed.
