The hallmark of a great (cyber) insurance policy is that it is broadly written to cover every imaginable loss scenario — yes, including those arising from a pandemic! — while clearly defining which scenarios are excluded from coverage. Unfortunately, many insurance policies take the opposite approach: they precisely define what is covered and exclude everything else. The problem with this approach is that coverage is limited by the policy author’s imagination. If they didn’t imagine the effects of a pandemic, their policy likely won’t adequately cover them (and, unfortunately, many don’t).

We founded Coalition to build the most holistic solution to cyber risk, including the broadest insurance coverage available. We stand by this, and were the first to broadly introduce coverage for property damage, bodily injury, and pollution resulting from a security failure, computer replacement & bricking coverage, account takeover/service fraud coverage, broad CCPA/GDPR coverage, and more.

But how does our policy stand-up in a pandemic where employees are now working remotely from home? Using personal (non-company owned) devices? Moving sensitive workflows over the public Internet and outside the cozy confines of the internal network? Using new software to maintain productivity? And what happens if an employee’s personal device is compromised or bricked? Let’s dive into this installment of...

Is it covered?

If you’ve purchased or are familiar with other forms of commercial insurance, such as property or commercial auto, you might be accustomed to the fact that coverage can be location-specific (e.g., if it happened at the workplace, it’s covered… if not, it’s not) as well as activity-specific (e.g., if it happened while in the performance of your job, it’s covered… if not, it’s not).

The coverage in your Coalition policy is galaxy-wide, on this planet and off. But before you laugh this point off, consider that some organizations have assets and networks in outer space. Imagination! We’ve got it, and your organization, employees, temp/seasonal workers, and even interns/volunteers are covered as a result of it.

BEWARE: If you or your clients have cyber insurance with another carrier, make sure your coverage is worldwide (preferably galaxy-wide!), and verify that definitions in the policy for “you” or “employees” includes temp or seasonal workers, interns, and volunteers.

But what if we allow employees to use their own devices (BYOD)?

You’re still covered! Coalition affirmatively covers any device used by your employees (including interns/volunteers/temp workers) in the course of your organization’s operations, no matter who the device belongs to.

BEWARE: Many cyber insurance policies limit coverage to devices owned or leased by an organization, as in this language excerpted from the policy of one of the largest cyber insurers in the US:

“Computer Systems means computers, any software residing on such computers and any associated devices or equipment operated by and either owned by or leased to the Insured Organization.” (Emphasis added)

This is not wording you want in your policy.

OK, what if we’re implementing new software and services: Is that covered, and do we need to inform you? Make any special changes?

We get it. Many organizations are rapidly adapting by making use of new technologies. Videoconferencing, VPNs, telehealth solutions (in the healthcare space), and so on. They’re all automatically covered and there is no requirement to inform us. Of course, you’re always welcome to do so anyway. Our security team is available 24/7 to answer your questions and help to keep your organization safe as you navigate unfamiliar territory. Check out our previous blog posts on how to stay secure (Part I) and productive (Part II) while working remotely.

BEWARE: Some policies require policyholders to backup and/or encrypt all computer systems as a condition of coverage. This is especially problematic as organizations introduce employee devices into their operations that they don't control. This is bad without a pandemic and even worse in the midst of one. Also, Coalition is the only insurance market with a dedicated, in-house security team available to our policyholders 24/7 at no cost (i.e., zilch: there is no deductible or self-insured retention, and services performed don’t erode the policy limit). Be sure to check what services are offered, if any, under other policies.

What happens if one of our employees’ devices is hacked or compromised? Will our Coalition policy cover it?

Yes, so long as the employee device was being used in the course of your organization’s operations. And remember, in our policy employees include interns, volunteers, temp and seasonal workers, and even independent contractors (with our Independent Contractor endorsement). We’ll even cover the cost to replace employees’ computer systems in our “Computer Replacement” coverage if they are completely ruined or “bricked”.

BEWARE: Coalition is among the only markets to provide “bricking” coverage for employee BYOD devices. If you or your clients have purchased coverage from another insurance market, make sure their computer replacement or “bricking” coverage extends beyond computer systems owned by the organization itself. Most don't cover this.

Is there anything special I should know about Coalition's claims process?

Just as important as coverage is how the policy responds when you have a claim. Coalition's policy is among the only policies in the market that is "pay on behalf" across every single coverage — at a time when cash is especially precious, our policyholders never have to pay losses or claims expenses out of pocket. Beware, most other policies only offer reimbursement, often well after the cost is incurred.

tl;dr

• A great cyber Insurance policy should respond to all cyber risk exposures, including those that emerge as a result of a pandemic;

• Coalition provides a GREAT cyber insurance policy with 1.) galaxy-wide coverage for no matter where your employees work or your assets reside, 2.) coverage for employee owned devices (i.e., including employees who bring their own device (BYOD)), 3.) automatic coverage for implementation of new technologies, and 4.) coverage for both organization-owned and employee-owned devices that are “bricked” or damaged during a cyber incident;

• BEWARE of limitations in other cyber insurance policies

If you’d like to learn more about Coalition, and how our holistic approach to cyber risk can help you or your clients, we’d love to hear from you!

Be safe & be well, Coalition Team

This article is meant as a summary only. Please read our policy for all coverages, terms, exclusions, and conditions.