More Things Your Cyber Policy Might Not Cover

The negative effects of a cyber attack are many and few cyber insurance policies cover them all, according to this post on the Channel Futures website. The writer, who is the Chief Security Evangelist for internet security company ESET, lists five things that many cyber policies won’t cover. Among them is the relatively cut-and-dried exclusion for nation-state attacks. (Even this exclusion, while on its face it appears precise and was singled out in a November 2021 Lloyd’s of London release, is subject to differing interpretations because in some cases it’s difficult to distinguish a private individual from a so-called state actor.) Also on the list are are more open-ended and difficult to quantify repercussions, like loss of intellectual property value and potential loss of future profits. Another common exclusion: “socially engineered financial fraud,” which refers to what happens when someone in a company gets tricked, e.g., by a “business email compromise” (BEC), and does such things as wire money to a bogus account. The writer advises reading policy exclusions carefully and getting legal advice if you have questions.