Understanding Security & Privacy Liability Insurance

Security and Privacy Liability Insurance protects the insured from loss due to a security failure or privacy event.  Security Failure is defined as:

(1) a failure or violation of the security of a Computer System including, without limitation, that which results in or fails to mitigate any unauthorized access, unauthorized use, denial of service attack or receipt or transmission of a malicious code;

(2) physical theft of hardware controlled by a Company (or components thereof) on which electronic data is stored, by a person other than an Insured, from a premises occupied and controlled by a Company; or

(3) failure to disclose an event referenced in Sub-paragraphs (1) or (2) above in violation of any Security Breach Notice Law.

“Security Failure” includes any such failure or violation, resulting from the theft of a password or access code from an Insured’s premises, the Computer System, or an officer, director or employee of a Company by non-electronic means in direct violation of a Company’s specific written security policies or procedures.  

Privacy Event is defined as:

(1) any failure to protect Confidential Information (whether by “phishing,” other social engineering technique or otherwise) including, without limitation, that which results in an identity theft or other wrongful emulation of the identity of an individual or corporation;

(2) failure to disclose an event referenced in Sub-paragraph (1) above in violation of any Security Breach Notice Law; or

(3) violation of any federal, state, foreign or local privacy statute alleged in connection with a Claim for compensatory damages, judgments, settlements, pre-judgment and post-judgment interest from Sub-paragraphs (1) or (2) above.

Event Management provides coverage for costs the insured incurs as a redult of the above referenced Security Failure or Privacy Event. Loss for this coverage part is defined as:

the following reasonable and necessary expenses and costs incurred by an Insured within one year of the Security Failure or Privacy Event:

(1) to conduct an investigation (including a forensic investigation) to determine the cause of the Security Failure or Privacy Event;

(2) for a public relations firm, crisis management firm or law firm agreed to by the Insurer to advise an Insured on minimizing the harm to such Insured, including, without limitation, maintaining and restoring public confidence in such Insured;  

(3) to notify those whose Confidential Information is the subject of the Security Failure or Privacy Event and advise of any available remedy in connection with the Security Failure or Privacy Event, including, without limitation, those expenses and costs for printing, advertising and mailing of materials;

(4) for identity theft education and assistance and credit file or identity monitoring;

(5) for any other services approved by the Insurer at the Insurer’s sole and absolute discretion;

(6) to restore, recreate or recollect Electronic Data; or

(7) to determine whether Electronic Data can or cannot be restored, recollected or recreated.

Provided, however, Loss shall not include compensation, fees, benefits, overhead or internal charges of any Insured.

Media Content Insurance- protects the insured for any Wrongful Act during the gathering, collection, broadcast, creation, distribution, exhibition, performance, preparation, printing, production, publication, release, display, research, or serialization of material, which results in:

(1) infringement of copyright, title, slogan, trademark, trade name, trade dress, mark, service mark, service name, infringement of domain name, deep-linking or framing, including, without limitation, unfair competition in connection with such conduct;

(2) plagiarism, piracy or misappropriation or theft of ideas under implied contract or other misappropriation or theft of ideas or information; including, without limitation, unfair competition in connection with such conduct;

      1. invasion, infringement or interference with rights of privacy or publicity, false light, public disclosure of private facts, intrusion and commercial appropriation of name, persona or likeness; including, without limitation, emotional distress or mental anguish in connection with such conduct;

      2. defamation, libel, slander, product disparagement or trade libel or other tort related to disparagement or harm to character or reputation; including, without limitation, unfair competition, emotional distress or mental anguish in connection with such conduct;

      3. wrongful entry or eviction, trespass, eavesdropping or other invasion of the right to private occupancy, or false arrest, detention or imprisonment or malicious prosecution; including, without limitation, any emotional distress or mental anguish in connection with such conduct;

      4. negligent or intentional infliction of emotional distress, outrage or prima facie tort in connection with Material; or

      5. Loss because a third party, which has no ownership relationship with any Insured, acts upon or makes a decision or decisions based on the content of the Material disseminated by an Insured or with an Insured’s permission.

Network Interruption Insurance- provides coverage for loss that occurs as a result of a security failure. Loss is defined as the below listed costs incurred within 120 days after the end of a Material Interruption (or 120 days after the Material Interruption would have ended if an Insured exercised due diligence and dispatch):

(1) costs that would not have been incurred but for a Material Interruption; and

(2) the sum of all of following, which shall be calculated on an hourly basis:

(a) Net Income (Net Profit or Loss before income taxes) that would have been earned; and

(b) Continuing normal operating expenses incurred, including payroll.

“Material Interruption” means the actual and measurable interruption or suspension of an Insured’s business directly caused by a Security Failure.

Cyber Extortion Insurance- provides coverage for the insured that the insured incurs as a result of a security threat. A security threat is defined as: any threat or connected series of threats to commit an intentional attack against a Computer System for the purpose of demanding money, securities or other tangible or intangible property of value from an Insured.