{"id":510,"date":"2018-03-31T20:12:21","date_gmt":"2018-04-01T00:12:21","guid":{"rendered":"https:\/\/www.amp.legal\/blog\/?p=510"},"modified":"2018-04-17T10:56:08","modified_gmt":"2018-04-17T14:56:08","slug":"cyber-policy-transfers-breach-risk","status":"publish","type":"post","link":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/","title":{"rendered":"Cyber Policy Transfers Breach Risk"},"content":{"rendered":"<p>A cyber insurance policy transfers risk to an insurance company for losses involving a cyber breach. However, a cyber insurance policy is not a substitute for implementing adequate safeguards to secure an organization\u2019s network.<\/p>\n<p>Cyber insurance may include first-party coverage and third-party coverage. First-party expenses include breach notifications and business losses. Third-party coverage includes regulatory fines and lawsuit liabilities.<\/p>\n<h3>Scope of Coverage<\/h3>\n<p>A cyber insurance policy usually offers the following coverage options:<\/p>\n<ul>\n<li><strong>Privacy Liability &#8211;\u00a0<\/strong>Protection for unauthorized access or use of confidential information<\/li>\n<li><strong>Regulatory Claims &#8211;\u00a0<\/strong>Protection for when an incident violates a governmental statute or regulation<\/li>\n<li><strong>Security Breach Response &#8211;\u00a0<\/strong>Access to a 24\/7 response team<\/li>\n<li><strong>Security Liability &#8211;\u00a0<\/strong>Protection for a security wrongful act, such as spreading a virus or preventing a third-party from accessing a system<\/li>\n<li><strong>Multimedia Liability &#8211;\u00a0<\/strong>Protection against allegations of online privacy torts, such as defamation, libel, slander, and invasion of privacy<\/li>\n<li><strong>Cyber Extortion &#8211;\u00a0<\/strong>Protection against extortion resulting from a network intrusion, such as ransomware<\/li>\n<li><strong>Business Income and Digital Restoration &#8211;\u00a0<\/strong>Pays for lost income and expenses from the result of an intrusion<\/li>\n<li><strong>PCI DSS Assessment &#8211;\u00a0<\/strong>Protection for non-compliance of <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/PCI%20SSC%20Quick%20Reference%20Guide.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">PCI DSS<\/a> and to help offset the cost for lost credit card data<\/li>\n<li><strong>Terrorism Endorsement &#8211;\u00a0<\/strong>Provides insurance according to the Terrorism Risk Insurance Act (TRIA) for a cyberterroism event<\/li>\n<\/ul>\n<h3>Insurance Application<\/h3>\n<p>An insurance company expects that the organization will have certain security practices in place when obtaining a policy quote. A cyber insurance application usually requires the completion of a questionnaire about an organization\u2019s security policies, contingency plans, and network defenses. Questions may ask about the following:<\/p>\n<ul>\n<li>Written security policies<\/li>\n<li>Training procedures<\/li>\n<li>Mobile devices<\/li>\n<li>Backup procedures<\/li>\n<li>Encryption of data<\/li>\n<li>Third-party outsourcing<\/li>\n<li>Anti-virus software<\/li>\n<li>Firewall protection<\/li>\n<li>Network vulnerability testing<\/li>\n<li>Security penetration testing<\/li>\n<li>Intrusion detection and prevention<\/li>\n<li>History of cyber attacks on organization<\/li>\n<\/ul>\n<p>A question on the application may ask about specific details of an organization\u2019s security practice. For example,\u00a0a question may inquire if the anti-virus software is updated at least quarterly.<\/p>\n<h3><img decoding=\"async\" loading=\"lazy\" class=\"size-medium wp-image-512 alignleft\" style=\"float: left; padding-right: 1em;\" src=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/rocky-path-300x175.jpg\" alt=\"Rocky Path\" width=\"300\" height=\"175\" srcset=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/rocky-path-300x175.jpg 300w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/rocky-path-768x448.jpg 768w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/rocky-path-700x408.jpg 700w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/rocky-path-520x303.jpg 520w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/rocky-path-360x210.jpg 360w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/rocky-path-250x146.jpg 250w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/rocky-path-100x58.jpg 100w, https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/rocky-path.jpg 900w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Policy Underwriting<\/h3>\n<p>During the underwriting process, an insurance company may choose to perform an investigation, which includes ordering\u00a0site inspections, conducting interviews, and reviewing documents. Also,\u00a0the insurer may conduct an investigation during the processing of a claim.<\/p>\n<p>Before getting a quote for cyber insurance, an organization should understand the types of threats that a policy should cover. Management should carefully review breach scenarios with security experts and legal counsel to document the types of losses that need coverage. Otherwise, an insurance company <a href=\"https:\/\/www.amp.legal\/blog\/social-engineering-coverage-in-cyber-policies\/\">will not pay a claim<\/a> that the policy does not cover.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A cyber insurance policy transfers risk to an insurance company for losses involving a cyber breach. However, a cyber insurance policy is not a substitute for implementing adequate safeguards to secure an organization\u2019s network. Cyber [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":511,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[14,13,25,26],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cyber Policy Transfers Breach Risk - Cyber Law Blog<\/title>\n<meta name=\"description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber Policy Transfers Breach Risk - Cyber Law Blog\" \/>\n<meta property=\"og:description\" content=\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Law Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-01T00:12:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-04-17T14:56:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/Risks.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/\"},\"author\":{\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\"},\"headline\":\"Cyber Policy Transfers Breach Risk\",\"datePublished\":\"2018-04-01T00:12:21+00:00\",\"dateModified\":\"2018-04-17T14:56:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/\"},\"wordCount\":432,\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"keywords\":[\"cyber insurance\",\"cyber security\",\"data breach\",\"ransomware\"],\"articleSection\":[\"Cyber Insurance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/\",\"name\":\"Cyber Policy Transfers Breach Risk - Cyber Law Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\"},\"datePublished\":\"2018-04-01T00:12:21+00:00\",\"dateModified\":\"2018-04-17T14:56:08+00:00\",\"description\":\"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.amp.legal\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber Policy Transfers Breach Risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#website\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"name\":\"Cyber Law Blog\",\"description\":\"Exploring technology law in cyberspace\",\"publisher\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.amp.legal\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#organization\",\"name\":\"Alice M. Porch, P.A.\",\"url\":\"https:\/\/www.amp.legal\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"contentUrl\":\"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png\",\"width\":1104,\"height\":1114,\"caption\":\"Alice M. Porch, P.A.\"},\"image\":{\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f\",\"name\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g\",\"caption\":\"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+\"},\"description\":\"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.\",\"sameAs\":[\"https:\/\/www.aliceporch.com\",\"https:\/\/www.linkedin.com\/in\/alice-m-porch\/\"],\"url\":\"https:\/\/www.amp.legal\/blog\/author\/amplegal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber Policy Transfers Breach Risk - Cyber Law Blog","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/","og_locale":"en_US","og_type":"article","og_title":"Cyber Policy Transfers Breach Risk - Cyber Law Blog","og_description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","og_url":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/","og_site_name":"Cyber Law Blog","article_published_time":"2018-04-01T00:12:21+00:00","article_modified_time":"2018-04-17T14:56:08+00:00","og_image":[{"width":900,"height":525,"url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2018\/03\/Risks.jpg","type":"image\/jpeg"}],"author":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/#article","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/"},"author":{"name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f"},"headline":"Cyber Policy Transfers Breach Risk","datePublished":"2018-04-01T00:12:21+00:00","dateModified":"2018-04-17T14:56:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/"},"wordCount":432,"publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"keywords":["cyber insurance","cyber security","data breach","ransomware"],"articleSection":["Cyber Insurance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/","url":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/","name":"Cyber Policy Transfers Breach Risk - Cyber Law Blog","isPartOf":{"@id":"https:\/\/www.amp.legal\/blog\/#website"},"datePublished":"2018-04-01T00:12:21+00:00","dateModified":"2018-04-17T14:56:08+00:00","description":"Cyber Law Blog explores legal topics with technology including privacy law and cybersecurity.","breadcrumb":{"@id":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.amp.legal\/blog\/cyber-policy-transfers-breach-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amp.legal\/blog\/"},{"@type":"ListItem","position":2,"name":"Cyber Policy Transfers Breach Risk"}]},{"@type":"WebSite","@id":"https:\/\/www.amp.legal\/blog\/#website","url":"https:\/\/www.amp.legal\/blog\/","name":"Cyber Law Blog","description":"Exploring technology law in cyberspace","publisher":{"@id":"https:\/\/www.amp.legal\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amp.legal\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.amp.legal\/blog\/#organization","name":"Alice M. Porch, P.A.","url":"https:\/\/www.amp.legal\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","contentUrl":"https:\/\/www.amp.legal\/blog\/wp-content\/uploads\/2017\/08\/AMP-Logo.png","width":1104,"height":1114,"caption":"Alice M. Porch, P.A."},"image":{"@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/2abed582dc9fbf067a8aa30d3e21453f","name":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amp.legal\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0913e4ef042f9c502b709824db43e8f?s=96&d=mm&r=g","caption":"Alice M. Porch, Esq., CIPP\/US, C|EH, Security+"},"description":"Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal\/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.","sameAs":["https:\/\/www.aliceporch.com","https:\/\/www.linkedin.com\/in\/alice-m-porch\/"],"url":"https:\/\/www.amp.legal\/blog\/author\/amplegal\/"}]}},"_links":{"self":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/510"}],"collection":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/comments?post=510"}],"version-history":[{"count":8,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/510\/revisions"}],"predecessor-version":[{"id":521,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/posts\/510\/revisions\/521"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media\/511"}],"wp:attachment":[{"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/media?parent=510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/categories?post=510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amp.legal\/blog\/wp-json\/wp\/v2\/tags?post=510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}