1ST PARTY INSURANCE

First-party insurance covers your business’s own assets. This may include:

  • Loss or damage to digital assets such as data or software programmes

  • Business interruption from network downtime

  • Cyber exhortation where third parties threaten to damage or release data if money is not paid to them

  • Customer notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach

  • Reputational damage arising from a breach of data that results in loss of intellectual property or customers

  • Theft of money or digital assets through theft of equipment or electronic theft


3RD PARTY INSURANCE

Third-party insurance covers the assets of others, typically your customers. This may include:

  • Security and privacy breaches, and the investigation, defence costs and civil damages associated with them

  • Multi-media liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media

  • Loss of third-party data, including payment of compensation to customers for denial of access, and failure of software or systems


Data Protection regulations

The UK data regulator, the Information Commissioner’s Office, has said it is unaware whether insurance against GDPR fines is available, but in any event organisations should focus on good data practice. Fines imposed for criminal offences under the Data Protection Act 2018 (which supplements the GDPR in the UK) will not be insurable.

It is possible to insure the investigation costs, defence costs, and the costs to mitigate a loss (data monitoring, public relations, and crisis management).