Cyber incident response fund — Legal fees, forensics, notification costs, credit monitoring, public relations
Business interruption — Loss of net profits and continuing operating expenses from interruptions of insured’s systems; and with contingent business interruption, adds losses due to interruption of outsourced technology provider’s systems
Digital data recovery — Costs to restore or replace lost or damaged data or software
Network extortion — Reimburse extortion payments and negotiation expenses
Cyber, privacy and network security liability — Liability for failure to protect private or confidential information of others or failure of network security
Payment card loss — Contractual liabilities owed to payment card industry firms because of a cyber incident
Regulatory proceedings — Defense for regulatory actions and coverage for fines and penalties, where insurable by law
Media liability — Liability following defamation or copyright and trademark infringement onlinecosts
Computer fraud — Third party accessing insured’s computers to take money
Funds transfer fraud — Third party tricking a bank into transferring funds from insured’s account
Social engineering fraud — Third party tricking an employee into transferring money
As our dependence on technology continuously grows, so do the frequency, severity, and sophistication of cyber incidents. Chubb addresses growing cyber risks with a flexible and sustainable approach for policyholders. From coverage for widespread cyber catastrophes to rewarding good software security practices, Chubb addresses cybercrime evolutions with insurance innovations.
Widespread Event Endorsement
With the world becoming increasingly digitized and interconnected, widely used software programs, communication platforms, and technology platforms are leveraged and often relied upon by the vast majority of companies. A single attack upon and/or failure of one of these widely used platforms or technologies could create an aggregation risk that exceeds the insurance industry’s capacity to insure. In an effort to provide policyholders with coverage clarity and market stability, we provide affirmative and specific limits, retentions and coinsurance for widespread events. Learn more
Ransomware Encounter Endorsement
Ransomware attacks have grown dramatically in both frequency and severity. The loss to policyholders is far broader than just the value of the ransom amount. Whether the ransom is paid or not, policyholders often incur legal costs, forensic investigatory expenses, business interruption loss, digital data recovery costs, and potentially liability and legal defense costs. The ransomware encounter endorsement allows for tailoring of coverage limits, retention, and coinsurance for losses incurred as the result of a ransomware encounter.
Neglected Software Exploit Endorsement
Keeping software up to date is an important aspect of good cyber risk hygiene. Many losses can be prevented by patching vulnerable software before cyber criminals have an opportunity to exploit it, but some organizations may not patch software right away. Sometimes there are legitimate reasons why software updates need to be tested before being rolled out – and compatibility, capacity, or simple logistics issues may prevent even a well-run information security organization from deploying patches within the first day or week after they become available. Learn more
For policyholders that lack strong patch management hygiene, Chubb may address this risk by adding the neglected software exploit endorsement. This endorsement provides policyholders with a 45-day grace period to patch software vulnerabilities that are published as Common Vulnerabilities and Exposures (CVEs) within the National Vulnerability Database operated by the U.S. National Institute for Standards and Technology (NIST). After the 45-day grace period expires, there is risk sharing between the policyholder and insurer incrementally shifting to the policyholder, who takes on progressively more of the risk if the vulnerability is not patched at the 45-, 90-, 180-, and 365-day mark.
Much like an earthquake, widespread cyber events have catastrophic implications for many — and call for a different insurance approach. Watch the video to learn more about the risks.
Failure to update software opens companies to costly risk. Watch the video to learn about the cyber insurance implications.