9.1.1 Types of Cyber Insurance

Many companies choose to protect themselves against damaging cyber losses by buying cyber insurance. At least a third of all large companies in the United States buy specific cyber insurance. In many other countries the number of companies that have cyber insurance is lower, but increasing rapidly.

Insurance for cyber losses is one of the fastest-growing lines of insurance business, and is rapidly becoming a standard component of companies' risk management strategy to protect themselves against cyber loss.

There are various types of insurance available to cover cyber losses:

• Stand-alone commercial cyber insurance (also known as ‘affirmative’ cyber insurance) typically to reimburse a company for the costs it would incur as a result of a cyber attack such as a data breach or network compromise.
• Errors and omissions (E&O) insurance to cover a company's liability to a third party, for example if the third party suffers a privacy loss from the company having a data breach. E&O liability insurance is one of the oldest forms of cyber insurance.
• Commercial property all-risks insurance to cover physical damage and the business interruption that the physical damage causes if the damage results from a cyber attack. However, insurers are increasingly making cyber an explicit exclusion for commercial property insurance, and instead offering it as an extension for an additional premium payment. Be sure ...