Section 2 of the Cyber policy covers Breach Rectification. These are the coverage elements associated with the costs to react and respond to a system breach.
- Data Breach Team: This section focuses on providing the human resources and their related expenses needed to understand and address your breach. The team starts with a Data Breach Coach. (click here to find out what this is) , second is the cyber forensic professional needed to perform a structured investigation to determine what happened to which devices and what information was taken and hopefully figure out by whom. These specialists use a variety of approaches and software to analyze your network and computer devices to find the source of the breach and the evidence of stolen data and/or corruption event. The 3rd element in this subsection is the effort to comply with the various regulations required to notify your clients including credit protection services. Each state has their own laws which determine: what constitutes a breach, definitions of personal information, timing & method of notice, etc. Here is a link to a list of the state legislation. http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
- Business Interruption Coverage: This element provides coverage for the loss of income (net profit before taxes) your business experiences because of an interruption in service of your computer systems. There is a 48-waiting period that needs to expire prior to being eligible for coverage.
- Digital Asset Loss: If you have a corruption event where your data is encrypted or altered or destroyed during a breach, efforts are required to restore your data. The software and electronic data stored in on your computer systems will be replaced, or restored from the previous electronic version or written records.
* Based on policy information provided by: Victor O. Schinnerer & Company, Inc. Every coverage situation is different, and the final outcome depends on the unique facts, law and insurance policy involved. The E&O policy contains reductions, limitations, exclusions and termination provisions that impact coverage for a specific event. Full details of the coverage are contained in the policy