Apr 25, 2012

What coverage is included in Breach Response?

This is probably one of the most confusing components of cyber risk insurance. The name of this coverage differs from policy to policy. I decided to call it Breach Response because I think it's easier to remember.  I have seen the following names for this coverage: Privacy Notification, Crisis Management, Privacy Breach, Data Breach Expense Fund, Event Management, Breach Costs and Security Event Costs. I’m sure I’m forgetting a few.

This portion of the coverage typically indemnifies the Insured for the costs/expenses they incur to respond to a breach. When responding to a breach, the following costs/expenses may be incurred:


  • Forensic costs (to determine the extent of the breach)
  • Legal expenses (to determine which breach notice laws may have been triggered and how to comply)
  • Notification costs (to notify individuals whose PII [Personally Identifiable Information] may have been breached)
  • Credit monitoring costs (to individuals whose PII may have been breached)
  • Crisis Management/Public Relation expenses (to mitigate the company’s reputational damage)

Some of the policies include additional expenses under the Breach Response coverage while others limit the coverage to notification costs. The way this coverage is triggered can vary. For example, some policies give coverage for notification only where required by law, some offer credit monitoring only if financial information or social security numbers were breached, and some policies require the Insured to maintain a coinsurance for these expenses. 

When looking to purchase cyber risk insurance including Breach Response Coverage please take care in knowing what you are purchasing.



Cyber Bytes is S.H Smith & Company's Cyber, Security & Privacy blog – written by the experts you trust.


Betty Shepherd and Jeanine Loomis are experts in the field of Cyber, Security, & Privacy. Combined, they have over 40 years experience writing Cyber, Security & Privacy Liability policies.


With over three decades of experience as an IT Manager/Security Expert, Gene Barnes is intimately acquainted with the cyber threats that today's business owners face.