The Privacy Regulatory Claims Coverage insuring agreement provides coverage for both legal defense and the resulting fines/penalties emanating from a regulatory claim made against the Insured, alleging a privacy breach or a violation of a Federal, State, local or foreign statute or regulation with respect to privacy regulations.
This 1st Party coverage reimburses an Insured for costs incurred in the event of a security breach of personal, non-public information of their customers or employees. Examples include:
The Security Liability insuring agreement provides coverage for the Insured for allegations of a "Security Wrongful Act", including:
The Multimedia Liability insuring agreement provides coverage against allegations that include:
The Cyber Extortion insuring agreement provides coverage for expenses and payments to a harmful third party to avert potential damage threatened against the Insured, such as the introduction of malicious code, system interruption, data corruption or destruction, or dissemination of personal or confidential corporate information.
The Business Income and Digital Asset Restoration insuring agreement provides for lost earnings and expenses incurred because of a security compromise that leads to the failure or disruption of a computer system, or to an authorized third party's inability to access a computer system. Costs to restore or recreate digital (not hardware) assets to their pre-loss state are provided for as well. What's more, the definition of Computer System is broadened to include not only systems under the Insured's direct control, but also systems under the control of a Service Provider with whom the Insured contracts to hold or process their digital assets.
The Payment Card Industry Data Security Standard (PCI-DSS) was established in 2006 through a collaboration of the major credit card brands as a means of standardizing security best practices for the secure processing of credit card transactions. Merchants and service providers must adhere to certain goals and requirements in order to be "PCI Compliant", and under specific agreements, an Insured may be subject to an "assessment" for breach of such terms. The policy responds to PCI assessments as well as claims expenses in the wake of a breach involving cardholder information.
The short answer is "No". While liability coverage for data breach and privacy claims has been found in limited instances through General Liability, Commercial Crime and some D&O policies, these forms were not intended to respond to the modern threats posed in today's 24/7 information environment. Where coverage has been afforded in the past, carriers (and the ISO) are taking great measures to include exclusionary language in form updates that make clear their intentions of not covering these threats. Additionally, even if coverage can be found in rare instances through other policies, they lack the expert resources and critical 1st Party coverages that help mitigate the financial, operational and reputational damages a data breach can inflict on an organization.