John Merchant, a director and underwriter at Freedom Specialty Insurance Co. — part of the Nationwide Group — divides cyber insurance coverage into five broad categories:
- Liability coverage, which covers damages from loss or compromise of sensitive third party data, like patient medical records. It also covers liability arising from damage to a third party’s network because the insured’s network caused a data breach, such as if a virus traceable to the insured’s network infects another network. And it covers e-media issues, like libel or slander or misuse of a company’s trademark.
- Expense coverage, which covers the cost to notify every person whose privacy has been breached. Often that includes providing the victim services like credit monitoring, identification theft monitoring or restoration of a stolen identity.
- Regulatory coverage, which covers the company’s costs if the breach triggers an investigation by state or federal authorities.
- Industry group coverage, which handles fines assessed by industry associations for data breaches. For example, Visa, MasterCard and Discover have established a Payment Card Industry-Data Security Standard. If a credit card issuer fails to adhere to the standard, it can be fined.
- First party coverage, which handles loss of revenue from network interruptions caused by a security breach, or the cost of restoring lost data.