How Cyber Insurance Supports Incident Response and Recovery
Cyber insurance is not a security strategy. Like your homeowner's insurance, it exists to help you recover after an incident, not to prevent one. You pay for fire insurance, but you still put fire extinguishers in your buildings. Cyber insurance is drawn on during an incident; other protections, such as regular penetration testing and vulnerability remediation, harden your institution's network so the incident is less likely to happen in the first place. At NYSERNet, we want to help you find the best cyber insurance coverage for your institution.
What should be included in your plan?
A robust cyber insurance plan should include both first-party (direct cost) and third-party (liability) coverage so that you are protected on both fronts during a cybersecurity incident.
Primary (First-Party) Coverage (Your direct costs)
Incident Response Costs:
- Forensic Investigation: Hiring experts to investigate the incident, identify the root cause, scope the damage, and determine which systems and data were affected.
- Legal Counsel: Legal advice on breach notification laws, regulatory compliance, and overall incident strategy.
- Public Relations/Crisis Management: Internal and external communications and management.
- Notification Costs: Meeting reporting and notification obligations to affected individuals and, where required, regulators.
- Credit Monitoring and Identity Theft Services: Services for impacted individuals.
Business Interruption Costs:
- Loss of Income: Reimbursement for lost profits due to system downtime caused by a cyber incident (e.g., ransomware attack, DDoS).
- Extra Expenses: Costs incurred to minimize business interruption and restore operations (e.g., temporary staff, renting equipment, using alternative facilities).
- Contingent Business Interruption: Coverage for losses if a critical third-party vendor (e.g., cloud provider) you rely on suffers a cyberattack that impacts your operations.
Data Recovery & Restoration Costs:
- Data Recovery/Reconstitution: Recovering corrupted, damaged, or lost data and software.
- System Restoration: Repair, clean, or replace infected or damaged systems and hardware.
- "Bricking" Coverage: Specific coverage for devices rendered unusable due to a cyberattack.
Cyber Extortion & Ransomware:
- Ransom Payments: Coverage for ransom demands, subject to legal restrictions (payments to sanctioned entities cannot be made or reimbursed) and usually to the insurer's prior consent.
- Negotiation Services: Professionals skilled in negotiating with extortionists.
- Cryptocurrency Costs: Expenses associated with acquiring and transferring cryptocurrency for ransom payments.
- Funds Transfer Fraud/Financial Theft: Direct financial losses due to fraudulent funds transfer, invoice manipulation, and social engineering scams. This is often a separate sub-limit or add-on rather than part of the base policy.
Third-Party Coverage (Liability to others)
Privacy Liability:
- Legal Defense Costs: Defending your organization against lawsuits from individuals whose personal data was compromised.
- Settlements and Damages: Judgments, settlements, or damages awarded to affected third parties.
Network Security Liability:
- Claims Alleging Security Failure: Coverage if a failure of your network security causes damage to a third party (e.g., your compromised systems are used to attack or infect another organization).
Regulatory Defense and Fines:
- Legal Costs: Defending investigations or inquiries by regulators (e.g., agencies enforcing HIPAA, GDPR, or CCPA, and state attorneys general).
- Fines and Penalties: Civil fines or penalties levied by regulators, where insurable by law.
- PCI Fines and Assessments: Fines or assessments passed through by the card brands and your acquiring bank for non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) following a breach.
Media Liability:
- Claims arising from digital content you publish (e.g., defamation or copyright infringement) when connected to a cyber incident or your online presence.
Important Considerations (Exclusions & Policy Language)
- Retroactive Date/Prior Acts Coverage: The retroactive date is the earliest date from which incidents are covered. Understand whether the policy covers incidents that began before the policy effective date but are discovered after it.
- Waiting Periods/Deductibles/Self-Insured Retention (SIR): Clearly understand how much you'll pay out-of-pocket before coverage kicks in.
- Policy Limits & Sub-limits: Be aware of the maximum payout for the entire policy period (aggregate limit) and for specific types of claims (sub-limits).
- "War" Exclusion and Carve-back: Most policies exclude "acts of war." Understand whether there is a "cyber terrorism" or "nation-state" carve-back that might restore coverage for attacks attributed to a state actor.
- Social Engineering/Funds Transfer Fraud Exclusions: These are commonly excluded or require a specific add-on. If these are key risks for your organization, verify that they are covered and check the sub-limit.
- Minimum Security Controls/Warranties: Insurers will have requirements (e.g., MFA, EDR, regular tested backups, an incident response plan, security awareness training). Failure to maintain these, or misstating them on the application, can lead to a denied claim or a rescinded policy. Be honest and thorough in your application.
- Known Vulnerabilities/Prior Knowledge: Policies typically exclude incidents arising from vulnerabilities you knew about (or reasonably should have known about) but failed to remediate before policy inception.
- Physical Damage: Standard cyber insurance generally excludes physical damage to property caused by a cyber incident (e.g., if a cyberattack causes machinery to break). This is usually covered by a property insurance policy.
- Loss of Intellectual Property: Direct loss of IP value or future lost profits are often excluded.
- Human Error/Negligence: While many policies cover human error if it leads to a cyber event, some might have exclusions for gross negligence or malicious insider acts.
- Incident Response Panel: Many insurers have pre-approved panels of forensic, legal, and PR firms. Understand if you must use their panel or if you have flexibility. Using the insurer’s panel can streamline the response.
- Timely Notification: Policies require prompt notification of a potential claim, and many require the insurer's consent before you engage outside firms or pay a ransom. Delays or unapproved expenses can lead to denial.
Where NYSERNet Comes in...
Think of cyber insurance as your institution’s financial safety net, vital when things go wrong, but not a substitute for building a fireproof house. It should be part of a broader cybersecurity ecosystem that includes regular testing, strong controls, and a culture of awareness. At NYSERNet, we help institutions understand the fine print, avoid coverage gaps, and ensure their policies are tailored to real-world risks specific to their institution. Together, we can help you prepare, protect, and recover.