First-Party vs. Third-Party Cyber Insurance

Cyber exposures can be separated into first-party and third-party risks, which require different types of coverage to be dealt with effectively. Below, we discuss the difference between first-party and third-party Cyber Insurance and how they help modern organizations mitigate different types of cyber exposures.

First-Party Cyber Coverage

In response to the growing concern over cyber crime, insurers began offering first-party Cyber coverage in the mid-2000s to protect businesses from the losses and expenses incurred from such incidents. It’s called “first-party” insurance because it covers only the insured’s costs and not those of affected stakeholders or other third parties.

A Cyber Insurance first-party coverage can help affected businesses pay for:

• Business interruption, covering loss of revenue due to a cyber attack
• Cyber extortion fees, such as paying a ransom to restore access to data and systems
• Notification costs for informing customers, vendors, and other stakeholders affected by the cyber crime
• Forensic investigation, which includes hiring experts to determine the cause and extent of the attack
• Crisis management, covering expenses of hiring a public relations team to manage reputational damage after a cyber attack
• Cost of protection services such as credit monitoring for affected stakeholders
• Data and asset recovery, which reimburses the cost of restoring damaged or lost data

Third-Party Cyber Coverage

Third-party Cyber Insurance pays for the costs associated with claims made by third parties who suffered losses as a result of a cyber attack on an organization. Third parties can include clients, vendors, employees, regulatory bodies, and other stakeholders.

Third-party Cyber Insurance typically covers the following:

• Legal fees, including attorney fees and court costs, if third parties sue the organization for the cyber attack
• Regulatory fines and penalties caused by noncompliance with industry or government standards
• Intellectual property coverage, including legal expenses arising from claims of intellectual property infringement
• Settlement fees and court judgments

What Cyber Liability Insurance Is Today

Cyber Liability Insurance protects businesses from the financial impacts of cyber crime. Initially, Cyber Liability Insurance focused on first-party Cyber coverage, such as business interruption losses, data recovery, and asset damage. However, as the cyber risk landscape evolved, so did the protection offered by Cyber Insurance policies. Today’s Cyber Insurance typically includes the following first-party and third-party coverage:

First-Party Cyber Coverage

• IT forensic costs
• Credit monitoring costs
• Crisis management
• Notification costs
• Coverage for cyber crimes such as ransomware

Third-Party Cyber Coverage

• Legal fees
• Settlement and court-ordered judgments
• Regulatory fines and penalties

Cyber Insurance brokers are uniquely positioned to help businesses assess their exposures and customize policies to their needs. They work closely with clients to help them choose the most appropriate first-party and third-party Cyber coverage that matches their unique risk profile. By helping them pick the right policy, brokers can protect their clients from the devastating consequences of a cyber attack.