Cyber insurance: What is first-party and third-party coverage
When you start looking at cyber insurance, you are likely going to encounter discussions of first- and third-party coverage. This is referring to the protection against losses incurred by first- and third-parties as a result of a cyberattack. First-party is all about you. The term refers to all of the losses you suffer directly because of the event. Third-party refers to all of the losses suffered by others as a result of the cyber event which hit your business. Generally, this is going to refer to your clients and others whose data you handled and that was compromised in some fashion as a result of the cyber event.
So, let’s take a high-level look at the risks that fall under first-party losses.
First Party losses – all about you
First-party is all about covering the direct and indirect losses that create economic loss for your business as a result of the criminal cyber event. Let’s start with the immediate consequence to your business from a cyber attack: that is the loss or damage to the electronic data you hold. That can be any electronic data that you possess, including the data of your clients. The compromising of customer data is of special concern when it includes Personally Identifiable Information (PII). PII can identify a specific individual. Examples include full name, address, social security number, birth date, etc. Cyber insurance would generally help you cover the expenses from a data breach only from a specified covered peril such as a DoS, hackers, virus, etc.
However, breaking out all of the first-party losses reveals quite a complex list of expenses. In our next blog, we will give you a breakout of the major expenses that can result from that initial criminal event.