Cyber Bytes is S.H Smith & Company's Cyber, Security & Privacy blog – written by the experts you trust.
This is probably one of the most confusing components of cyber risk insurance. The name of this coverage differs from policy to policy. I decided to call it Breach Response because I think it's easier to remember. I have seen the following names for this coverage: Privacy Notification, Crisis Management, Privacy Breach, Data Breach Expense Fund, Event Management, Breach Costs and Security Event Costs. I’m sure I’m forgetting a few.
This portion of the coverage typically indemnifies the Insured for the costs/expenses they incur to respond to a breach. When responding to a breach, the following costs/expenses may be incurred:
Some of the policies include additional expenses under the Breach Response coverage while others limit the coverage to notification costs. The way this coverage is triggered can vary. For example, some policies give coverage for notification only where required by law, some offer credit monitoring only if financial information or social security numbers were breached, and some policies require the Insured to maintain a coinsurance for these expenses.
When looking to purchase cyber risk insurance including Breach Response Coverage please take care in knowing what you are purchasing.