
What a Great Cyber Policy Should Cover

The costs incurred from a cyber incident can be debilitating to an organization, from reputational damage to data restoration. This Cybersecurity Awareness Month, we examine what your cyber risk coverage should include in the event of a breach.

October 23, 2023

The right cyber risk insurance carrier will assist clients in their preparedness and response should a cyber incident occur. This may include utilizing a network of established privacy breach vendors and a panel of cyber risk law firms for the best experience. These cyber incident response law firms can provide guidance on handling initial inquiries from potentially affected individuals, media, law enforcement agencies, and regulators. Additionally, they can ensure compliance with all relevant federal or state privacy laws and mitigate or defend any resultant third-party claims or class actions.

“Once cyber counsel has been established, they may promptly engage with a number of specialized vendors who play a unique role in ensuring a rapid, robust, and cost-effective response,” said Spencer Timmel, National Director of Cyber & Technology Insurance at Safety National. “These vendors may offer computer forensics, printing, mailing, and notification services, crisis communications, identity monitoring and protection, extortion assistance, and system and data recovery.”

The costs covered by an excellent cyber policy may include the following protections.

1. Security and Privacy Liability

This protection covers the liability and legal expenses that result from a security or privacy breach.

2. Incident Response Expenses

Managing a cybersecurity breach can be extremely costly. This protection will cover those costs, including IT forensics, legal, crisis communication, notification, and monitoring.

3. Non-Physical Business Interruption

This protection will cover any loss of profit, extra expense, and fixed operating expense following a total or partial computer outage or disruption caused by a security breach or administrative error.

4. Contingent Business Interruption

Business interruption will happen during an incident, but this service can safeguard against any loss of profit and extra expense resulting from total or partial interruption or degradation in service of an outsourced service provider’s computer system caused by a security breach.

5. Reputational Harm

Recovering from a damaged reputation can make or break an organization. This protection will cover loss of profits and crisis communication expenses resulting from brand damage following a security or privacy breach.

6. Multimedia Liability

This protection will cover liability and defense costs incurred as a result of multimedia activities where third parties allege damage resulting from the dissemination of media material.

7. Regulatory Defense

Penalties for non-compliance can be crippling. Ensure your policy covers fines, penalties, and defense costs resulting from regulatory investigations and formal actions following a security or privacy breach. 

8. Pay Card Industry Fines, Penalties, and Assessments

Cardholder data can include some of the most personally identifiable information (PII), and consumers expect it to be handled appropriately. The associated costs can be hefty when this trust is put at risk. This protection will cover costs following the improper disclosure of payment card data.

9. Cyber Extortion

Many threat actors will demand money from an organization in return for remediating or ending an attack. This safeguards against expenses incurred from an extortion payment due to a cyber extortion threat.

10. Data Restoration

Returning to normal operations means waiting for a network to be clean and completely restored. This service will cover costs to repair or restore damaged or destroyed digital assets.


For more expertise, guidance or resources on this topic, please contact [email protected].