Typical Coverages 

Primary Coverages:

• First Party Coverage (cybercrime expense) – business income loss, cost of notifying customers of a breach (which is legally required under the PIPA privacy act), credit monitoring, hiring of public relations firm to repair any damage done to image, regulatory fines or penalties incurred as a result of a breach, ransomware
• Third party liability (cyber liability)  – protects the insured for its liability to others 
• Direct Loss, legal liability, consequential loss
• Defence costs

Network and information security coverage may extend to:

• Electronic or non-electronic data and is not limited to e-commerce, website or other specified activities, or only to information “on premises”
• Medical or health care information
• Any private personal information that is protected under any local, provincial, state, federal or foreign law
• Failure to provide notification required by ANY security breach notification law
• Claims made by employees

Other Coverages:

• Defence expense coverage for regulatory claims – for network and information security coverage and communications and media liability
• Coverage for unfair business practice claims under network and information security or communication and media insuring agreements – If such practices directly result from a network and information security wrongful act or a communications and media wrongful act

Network and information security coverage is not narrowed by exclusions for:

• Failure to maintain a computer network or system
• Failure to maintain risk controls
• Lack of performance in software
• “Spyware,” “cookies” or other invasive devices or methods used to collect private information
• Trading losses