Is Data Compromise coverage the same as Cyber Liability? I receive this question often. The answer is: sometimes yes and sometimes no. In order to understand why, we will need to take a closer look and examine both the similarities and the differences.To begin with, it is important to understand there is no standard for either of these coverages in the insurance industry. Most insurers providing either of these coverages tend to use their own forms. Therefore, my comments may not be completely accurate with regard to all coverage forms for data compromise and/or cyber liability.
For the purposes of this article, we will be comparing the similarities and differences regarding the first party coverages. Some, but not all, Data Compromise policies include third party coverages, which normally pay defense and liability costs for actions brought by affected individuals as a result of a breach of personal information. But for the most part, there is little difference between the two from a third party standpoint. Therefore, we will not go any further with the third party aspect of these coverages.
The reason Data Compromise is not the same as Cyber Liability is because Data Compromise is a more specific coverage, often included in most Cyber Liability policies. Thus, Data Compromise may be considered the same because it is often part of the over arching Cyber Liability policy.
Data Compromise coverage insures a commercial entity when there is a data breach, theft or unauthorized disclosure of personal information. These policies help the insured to be compliant with breach notification laws and requirements, and offers services to affected individuals, such as credit monitoring and toll-free help lines. In a nutshell, this coverage provides the insured with the expenses associated with notifying affected individuals their personally identifiable information has been breached and helps them to minimize damages that may result. Data Compromise does not provide coverage to repair damages to the insured’s computer data and/or systems. Cyber Liability often provides coverage that helps with both of these exposures. Thus Cyber Liability covers both the expenses to notify affected individuals of data breaches and the expenses to make the insured whole for their own damages incurred.
So it is safe to say Data Compromise is not the same as Cyber Liability, but that Cyber Liability does normally provide Data Compromise coverage. Therefore, before you answer this question in the future, you probably would be wise to ask what coverage is desired before answering. If all your client wants is coverage for the notification expenses, Data Compromise will suffice. However, more times than not, a more robust coverage is desired and a Cyber Liability policy is the better choice.