Digital Property Replacement is a subset of the Breach Rectification coverage of the cyber liability policy that PBI Group recommends. This section covers the replacement of software, data and hardware which has been destroyed because of a network breach of your IT systems. A good example is your email system which could be corrupted during a breach and now users no longer have access to their emails. Below are excerpts from the policy and some commentary to help understand what is covered and not covered in this nuanced section.
“Digital Property Replacement means those reasonable and necessary costs incurred to replace, restore, or re-collect Digital Property from written records or from partially or fully matching electronic data records due to their alteration, corruption or destruction caused by a Network Security Failure. This shall include Network Security Failure Investigation Expenses; however, in the event that the Digital Property cannot be replaced, restored or recollected, Digital Property Replacement shall be limited to the reasonable and necessary costs incurred to reach this determination. “
Some importantly related definitions to help explain what is included in the above definition of Digital Property Replacement.
“Digital Property means software and data in electronic form which is stored on the Your Computer System. Digital Property shall include the capacity of the Your Computer System to store information,process information, and broadcast information over the Internet. “
“Your Computer System means a Computer System that is leased, owned, or operated by You; or operated solely for Your benefit by a third party service provider under written contract with You.”
“Computer System means computer hardware (including laptops and mobile devices), software, firmware, and the data stored thereon, as well as associated input and output devices, data storage devices, networking equipment and Storage Area Network or other electronic data backup facilities.”
So, in general, this section of coverage provides protection to restore your computer systems back to their pre-breach state of operations, including the rebuild of the information inside the systems. But there are some exclusions worth noting.
“Digital Property Replacement does not include:
- costs or expenses incurred to update, replace, restore, or otherwise improve Digital Property to a level beyond that which existed prior to the loss event;
- costs or expenses incurred to identify or remediate software program errors or vulnerabilities, or
- costs to update, restore, replace, upgrade, update, maintain, or improve any Computer System;
- costs incurred to research and develop Digital Property, including Trade Secrets;
- the economic or market value of Digital Property, including Trade Secrets;
- costs or expenses incurred due to ordinary wear and tear or gradual deterioration of Digital Property, including any data processing media; or any other consequential loss or damage.”
Other Exclusions with some additional clarification:
- “Solely with respect to Digital Property Replacement coverage, any transmission of unauthorized, corrupting or harmful software code, distributed attacks, viruses, worms or malware which is self-propagating.”
Digital Property Replacement is a 1st party coverage designed to protect the insured. This means that there is no 3rd party coverage for digital property replacement for someone else’s computer systems which maybe damaged by self-propagating/ harmful code from your computer systems. There may be other coverage under the Network Security and Privacy Liability section of the policy if a 3rd party sues but that is not considered digital property replacement.
- “Solely with respect to Digital Property Replacement coverage, any operator error, software error, faulty instruction, unintentional programming error, or failure in project planning.”
This means the damaging event must be breach related, not a flaw in your organization. You can’t cause the issue by something you did to your computer systems.
- “Solely with respect to Digital Property Replacement coverage, any accounts, bills, evidences of debt, money, valuable papers, records, abstracts, deeds, manuscripts or other documents, except as they have been converted to data processing media form, and then only in that form.”
This means that the policy will not manually re-collect digital data from physical documents which are listed above. For example, if your billing system was breached and is now destroyed but you have a bunch of physical invoices in boxes which were never entered into a system as data, the policy cover will not work through those physical files to enter them into the newly restored accounting system.
*Based on policy information provided by: Victor O. Schinnerer & Company, Inc.