0% found this document useful (0 votes)

42 views99 pages

2023-2024 - The Betterley Report - Cyber Insurance Healthcare 2023

Market survey of cyber insurance for healthcare, covering rates, coverage trends, and insurer appetite

Uploaded by

Emma Day

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

42 views99 pages

2023-2024 - The Betterley Report - Cyber Insurance Healthcare 2023

Market survey of cyber insurance for healthcare, covering rates, coverage trends, and insurer appetite

Uploaded by

Emma Day

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 99

October 2023

CYBER INSURANCE FOR HEALTHCARE

MARKET SURVEY—2023

A Tough Line, but Insurers Continue To Offer Competitive Products

Richard S. Betterley, LIA

President
Betterley Risk Consultants, Inc.

Highlights of this Issue

■ Insurers Are Still in, but Wary

■ Extensive Data on Market Focus, Showing Interest Level for Specific

Segments of the Healthcare Industry

■ 16 Insurers Included in this Survey

■ Insurers Added: Liberty Mutual/Ironshore

■ Insurers Removed: CNA and TMHCC

■ Rates? Bouncing Around, but Generally Stable

■ Deductibles Remain Stable

Next Issue

December
Employment Practices Liability Insurance Market Survey
The Betterley Report

Editor’s Note: In this issue of The Betterley patient data or a simple release of data through
Report, we present our sixth review and evalua- the carelessness of an employee or vendor. The
tion of insurance products designed to protect risks also include theft of corporate informa-
against the unique risks of data security for tion, extortion, and interruption of services.
healthcare insureds. Risks include the breach of This version of The Betterley Report is
security by a hacker intent on stealing valuable focused specifically on healthcare insureds,
although it is based in part on our June
“Cyber/Privacy Insurance Market Survey.”
List of Tables There are 16 insurers that self-identified as
Contact and Product Information 17 having a significant interest in healthcare
Product Description 21 insureds included in our report (down from 17
Market Focus—Healthcare Organizations— in 2022).
Types and Size of Insureds 30
Market Focus—Managed Care Organizations—
36
Liberty Mutual/Ironshore was added to our
Types and Size of Insureds
participating insurers. TMHCC and CNA were
Capacity, Deductibles, Coinsurance, and Agent Access 42
Data Privacy: Types of Coverage and Limits Available
removed as they did not provide updated infor-
43
Data Privacy: Regulatory and Statutory Coverage mation.
Provided 45
Why Did We Focus on Health Care?
Data Privacy: Payment Card Industry Coverage Provided 46
Data Privacy: Coverage Triggers 47 A few reasons. First, there are a lot of
Data Privacy: Types of Data Covered 48 healthcare insureds buying (or at least seeking)
Data Privacy: Remediation Costs Covered 49 cyber insurance. We are regularly asked to
Data Privacy: Remediation Coverage Services 51
research products designed for those insureds.
Coverage Extensions and (Sub)Limits Available for
Cyber Insureds—Media Liability 53
Second, some of the exposures and cover-
Security Assessment Requirements (By a Third Party) 55
ages needed by healthcare insureds are spe-
First-Party Coverage: Direct Damage and
Business Interruption 56 cialized. And finally, the value-added risk
Coverage for Loss Resulting from State-sponsored or management services that a healthcare organi-
Terrorist Act 58
zation needs are specific to their industry.
Theft (First-Party) Coverage 60
Theft (First-Party) Coverage—Deceptive Funds Transfer Since one of the driving forces behind The
or Social Engineering 62
Betterley Report is to improve products by bet-
Extortion/Ransomware Coverage 64
ter informing insureds (and their advisers), we
Third-party Coverage: Bodily Injury and
Property Damage 68 hope to encourage more specialized—and
Third-Party Coverage 69 appropriate—products. With better informa-
Claims Reporting, Extended Reporting Period,
82
tion, perhaps insureds will find the products
Selection of Counsel, Consent to Settle
best suited to their needs.
Prior Acts 85
Coverage Territory 86 Unfortunately, there are not a lot of health-
Exclusions 87 care-specific cyber products on the market yet,
Risk Management Services 95 although we expect that there will be more.

Page 2
The Betterley Report

Some insurers use healthcare-specific endorse- the exposures, coverage, and services of cyber
ments, which seems like a good way to modify risk so that they can better serve their clients.
base policies that address broader cyber-expo- The products are complicated, making these
sure concerns. educational efforts a worthwhile and necessary
investment.
In this report, we also dig much deeper into
the types of organizations that the insurer is We have tried to present a variety of cover-
interested in (which is not practical in our ages to illustrate what is available in the market,
broader cyber/privacy all-industry survey in and 16 sources of insurance are included in this
June). Look at the two “Market Focus” tables in survey. These represent the core (but not all) of
this report for more detailed information about the cyber-risk insurance market for healthcare
the specific industry types and sizes of insured insureds.
each insurer will consider. One table is for While each insurer was contacted to obtain
healthcare providers, and the second table is for this information, we have tested their responses
managed care organizations. against our own experience and knowledge.
Recall that our cyber reports do not focus on Where they conflict, we have reviewed the incon-
coverage for technology providers, such as sistencies with the insurers. However, the evalu-
Internet service providers, technology consul- ation and conclusions are our own.
tants, and software developers. That market is Of course, the insurance policies govern the
reviewed in our February issue, “Technology coverage provided, and the insurers are not
Errors & Omissions Market Survey.” responsible for our summary of their policies or
The types of coverage offered by cyber-risk survey responses.
insurers vary dramatically. Some offer coverage In the use of this information, the reader
for a wide range of exposures, while others are should understand that the information applies
more limited. For the insured (or its advisers), to the standard products of the insurers and that
looking for proper coverage and choosing the special arrangements of coverage, cost, and
right product can be a challenge.
Most insurers offer multiple cyber-risk prod-
ucts, so crafting the coverage for each insured Insurers in this Survey
requires the best in risk identification and knowl-
AIG Allianz
edge of the individual covers. This is especially
Allied World At-Bay
true for healthcare insureds, who face exposures
Beazley Berkley Cyber Risk Solutions
not present for most insureds, such as the breach
CFC Chubb
of private healthcare information.
Cincinnati Coalition
More than most other insurance policies, Corvus Hiscox
cyber risk requires experienced risk profession- Liberty/Ironshore Resilience
als to craft the proper coverage. The insurance Travelers Zurich
industry continues to help brokers understand

Page 3
The Betterley Report

other variables may be available on a negotiated rapidly that insurers are forced to continually
basis. look at their underwriting and claims manage-
ment approaches. To protect themselves (and
Introduction their insureds) against this rapid evolution,
insurers must invest more time and attention—
As with all of our market surveys, cyber-risk and especially creative attention—than they
coverage represents a new, recently developed, might for a typical product.
or rapidly evolving form of coverage designed
to address the needs of new risks confronting Specialized cyber-risk insurance comes in a
organizations. Cyber-risk coverage epitomizes variety of forms, but we find it most helpful to
new insurance products, presenting insurance divide coverage into property, theft, or liability
product managers with challenges as they learn for surveying purposes. Some insurers offer lia-
what their insured’s need and what the insurers bility-only products, while others offer a com-
can prudently cover. bination of property, theft, and liability
coverages.
It could be argued that cyber insurance is
rapidly maturing, and there is some truth to
Interestingly, it seems that more of the prod-
that. Cyber is (maybe) not so new, at least in
ucts previously limited to liability and breach
terms of its availability (we started writing
response coverages have expanded to include
about cyber in 2000). But it is “new” in terms
extortion, property, and bodily injury liability,
of its recognition as a key component of most
and especially theft/extortion product options.
commercial insurance portfolios and in terms of
This indicates to us that customer demand is
its evolution of coverage wordings, which con-
increasing for these coverages.
tinue.

Cyber for healthcare insureds is somewhat In addition to monoline products, insurers

newer, in that there are fewer specialized are offering cyber-risk enhancements to exist-
products. Most insurers try to use their stan- ing policies, such as business owners, manage-
dard policy wordings for healthcare expo- ment liability, and other policies. These
sures. But there are signs of a trend in creating products take the form of a services-only prod-
specialized wordings and risk management uct (no risk transfer), services plus breach
services offerings for the healthcare industry. response coverage, and services plus breach
Since health care is an enormous part of the response plus risk transfer. Limits may be low,
economy (especially in the United States) and and options fewer, but the convenience and low
has its own special sources of exposure, it additional premium can make them quite
might benefit from having more specialized appealing to insureds. Whether they should buy
products. these products or should consider stand-alone
cyber policies requires careful analysis and
Cyber is also “new” in terms of the expo- consideration of exposure, risk tolerance, and
sures being underwritten. These are evolving so client/customer requirements.

Page 4
The Betterley Report

Healthcare Market Focus of Insurers Why are healthcare ransomware attacks

increasing?
The healthcare industry is different, and it
would be wise for insurers interested in that ■ The uninterrupted provision of healthcare
market to keep that in mind. services is vital, making providers an espe-
cially vulnerable target.
In our experience, healthcare clients expect
to see insurance products that are customized to ■ Resources are stretched thin, making pre-
their needs while utilizing terms that are com- vention and recovery more challenging.
mon in their industry. This expectation comes
in part from the prevalence of specialized medi- ■ Work from home means more electronic
cal malpractice insurers in this space as well as communication and lessened opportunity
the insureds’ involvement in industry-specific (and perhaps willingness) to double-
professional societies. Although from an under- check the authenticity of attachments and
writing and claims standpoint, this common instructions (though, of course, many
wording may not alter the meaning of the cov- healthcare workers are unable to work re-
erage. However, from the insured’s standpoint, motely).
it may bring a feeling that “they understand us.”
■ Economic pressures mean fewer resources
Surprisingly, we have not yet seen a lot of to protect against and respond to threats.
specialized healthcare-focused wordings. We
think that may eventually change as cyber We only had eight cyber-insurer responses
insurers look to dominate certain targeted to our questions about rate and retention
industries. trends, but we think they accurately reflect the
broader market. In summary, rate direction is
We like this idea—as cyber matures, cover- varying quite a bit, depending upon individual
ages will become fine-tuned to their insureds, insurers.
underwriting and claims teams will become
more specialized, and (importantly) risk man- Deductibles or self-insured retentions have
agement services designed for the insured’s returned to stability, with insurers reporting that
industry will become more widely available. they are mostly flat. Two exceptions were seen,
both from insurers that write a relatively small
State of the Market amount of business.

The big story for 2023 is the continuing The responses are confidential but are sum-
attacks via ransomware but also some return to marized in the table beginning on the next page.
stability in rates. Cyber-healthcare insureds are
not unique in experiencing increasing ransom- According to Verisk’s MarketStance busi-
ware claims, but they have been particularly ness, the healthcare sector represents a large
hard hit. and growing component of the overall cyber

Page 5
The Betterley Report

Sample Insurer Responses—

Rate and Deductible Trends (All Increasing Unless Noted)
Deductible or
Rate Trend
SIR Trend
Insurer Position in the Marketplace Insurer Market Focus
(Healthcare Cyber Premium Volume) (Size of Insured)
Own Market in Own Market in
Rates General Rates General

Small Small-Midsized to Large -5% -2% 25% 25%

Small Midsized to Large -24% -15% 50% 50%
Medium Small-Midsized Flat -10–15% Flat Flat
Medium Small-Midsized to Large -15% -25% Various Various
Small ? Excess Product -10% -25% Flat Flat
Primary Product Flat Flat Flat Flat
Medium Small-Midsized Flat Increasing Flat Flat
Large All Excess Product Decrease Decrease Flat Flat
Primary Product Flat Flat Flat Flat
Medium Small-Midsized -5% -10% Flat Flat

market. While the healthcare sector is behind and have the slowest revenue growth of the
the financial sector in terms of direct written three subsectors.
premium, its cyber premiums are estimated to
have grown from $743 million to over $1 bil- Healthcare organizations have been slow to
lion. This growth is partly due to cyber liabil- adopt cyber insurance in its earlier years. Per-
ity’s percentage of total property and casualty haps, this slow adoption was due to a lack of
premiums rising from 2.5 percent up to 3.1 per- appreciation for the value of coverage, an
cent. overly optimistic view of the efficacy of cyber
security, or tight expense control.
Exploring cyber liability’s distribution
among health care’s subsectors shows that hos- However, the purchase of new policies has
pitals comprise most of the premium in 2023. accelerated in the past few years. Why? Large-
Ambulatory healthcare services, such as doc- scale breaches have become distressingly
tor’s offices, are secondary to hospitals in terms common in health care. Not only is healthcare
of premiums but are even closer in revenue due personal information far more valuable (per
to higher revenue growth. Nursing care facili- record) than credit card information, but
ties form a minority share of cyber premiums healthcare cyber security has been widely

Page 6
The Betterley Report

underfunded as organizations struggle with physician group practices, or other participants

cost control. in the healthcare industry. These organizations
need cyber coverage at least as much (probably
Fortunately, the product and its value have more) as large healthcare systems and are likely
become better understood by both insureds and to be required by their business partners to
their advisers. carry coverage.

Another source of growth is the smaller Not specifically related to health care, but a
insured, whether it be community hospitals, driver for new insureds are losses due to

% of Cyber 2023 % of Sales 2023 Sales’ 4-Year Growth Rate

Source for the preceding two tables is Verisk/MarketStance®

Page 7
The Betterley Report

extortion via ransomware and social engineer- personal information), remediation costs to
ing/business email compromise. These are so respond to the breach, and coverage for fines
widespread that “it can’t happen to us” is no and/or penalties imposed by law or regulation.
longer a pervasive feeling.
Liability coverage is a pretty self-explana-
An Overview of tory protection for the insured should it be sued
for negligence leading to a security breach.
Data Privacy Coverage
Often, the coverage does not explicitly list a
In the data security business, there is a say- data breach as covered. Instead, coverage is
ing: there are organizations that have breaches provided as a part of a more general coverage
and know it, and there are organizations that grant for, as an example, failing to prevent
have breaches and do not know it—yet. unauthorized access to its computer system.

Some insurers offer more explicit coverage,

We find that prospective insureds (and their
such as an act, error, or omission that results in
agents and brokers) are most interested in cov-
a theft of data from a computer system. Both
erage for data breaches. This coverage is found
methods can work, but it is very comforting to
(or is available) in almost all cyber policies.
see a term such as theft of data included in the
Based on our research into privacy expo- coverage grant.
sures and coverage, we have identified the fol-
lowing six key areas that should be considered. Coverage Provided

■ Types of coverage and limits available Coverages fall into the following four cate-
gories.
■ Coverage provided
■ Liability—defense and settlement costs
■ Coverage triggers for the liability of the insured arising out
of its failure to properly care for private
■ Types of data covered data (including private healthcare data)

■ Remediation costs covered ■ Remediation—response costs following a

data breach, including investigation, pub-
■ Remediation coverage services lic relations, customer notification, and
credit monitoring
The Types of Coverage and
Limits Available ■ Regulatory fines and/or penalties—the costs
to investigate, defend, and settle fines and
There are three fundamental coverage types: penalties that may be assessed by a regulator
liability for loss or breach of the data (whether (most insurers now provide this coverage,
it be healthcare-specific or more generalized although at times only for defense costs)

Page 8
The Betterley Report

■ Payment card industry (PCI) fines and suffer a data loss may be required to notify their
penalties, including forensic services and customers with notice of the data loss, which
card reissuance costs can be expensive. Typically, they may also
want to mitigate the negative impact on their
Coverage Triggers reputation by providing credit monitoring ser-
vices for those same customers. This cost can
Coverage can be triggered by the following. also be significant.

■ Failure to secure data Remediation cost coverage is now offered

by most insurers. It can include the following.
■ Loss caused by an employee
■ Crisis management services
■ Acts by persons other than insureds
■ Notification of potentially affected cus-
■ Loss resulting from the theft or disappear- tomers
ance of private property (such as data that
resides on a stolen laptop or missing data ■ Credit monitoring
storage media)
■ Costs to resecure (that is, make secure
Types of Data Covered again) data

Some insurers specify the types of data cov- Remediation Coverage Services
ered; others do not. Specific types covered can
include the following. There can be a great benefit to the insured if
the remediation services are prenegotiated and
■ An individual’s personally identifiable in- prepackaged—much like kidnap and ransom
formation (PII), including healthcare in- coverage. Knowing how to respond to a loss
formation can be daunting.

■ Nonpublic data, such as corporate infor- Insurers often offer prepackaged and prene-
mation gotiated services provided by third-party ven-
dors. In some cases, the insured is required to
■ Nonelectronic data, such as paper records use designated vendors. In addition, some poli-
and printouts cies require the written consent of the insurer to
use the services. Finally, a few of these services
Remediation Costs Covered have a time limit for use, especially credit mon-
itoring.
Remediation is an area that is the primary
reason why many insureds buy cyber-risk Cyber insurers are not taking advantage of
insurance. This coverage is for the costs of the many healthcare industry cyber-security
responding to a data breach. Organizations that services that are designed specifically for the

Page 9
The Betterley Report

healthcare organization. We can understand dependent not only on the insurer’s underwrit-
why. Cyber insurance has grown so quickly ing philosophy but also on the nature and role
that it is a struggle to keep up with demand. Lit- of the applicant’s business being considered.
tle market segmentation has taken place, and
industry-focused products are rare. Coverage
Identifying risk management service provid- Property and Theft
ers to partner with is challenging enough—seg-
menting those providers into various industry The cyber-insurance industry offers property
specialties will take time. This general lack of and theft (first-party) coverage and liability
segmentation presents an opportunity for insur- (third-party) coverage; some insurers offer lia-
ers that are focusing on health care as an bility only, while others offer all. We expect
important segment. A more customized set of that more insurers will be offering combined
services may be an appealing added benefit that property and liability programs as the demand
makes a difference when an insured selects one for business interruption and extra expense cov-
insurer out of several otherwise comparable erage grows.
proposals.
First-party coverage protection for denial of
Security Assessment Requirements service (DOS) attacks against websites by
hackers is still a hot topic due to continuing
Insurer-required assessments of the prospec- attacks on leading Internet sites. Most property
tive insured’s security policies are rare now; the products cover this risk, although they are sub-
details are shown in the accompanying table. ject to negotiation and individual underwriting.
Typically, but not always, any required assess-
ment is free to the applicant. Theft exposures are sometimes not well
understood in cyber-risk risk assessments. The
Such an assessment can be very useful to the potential for traditional theft of money or goods
applicant, even if they do not buy the coverage. via the Internet is often recognized. However,
But, if they do, a favorable assessment may theft or destruction of data, extortion, and theft
help lower the insured’s premium. of computing resources sometimes are not cov-
ered.
Requirements may differ depending on
whether it is first-party or third-party coverage We find that insureds are still concerned
and can also vary depending on the type of about the theft of the economic value of intel-
business the insured is in. Some assessments lectual property. This comes from reports, we
are as simple (and easy on the applicant) as a believe, of increasing levels of industrial espio-
review of its website, while others require an nage by competitors and by governments acting
on-site review by third-party firms. Of course, in support of their economic and defense inter-
the scale and intensity of the assessment are ests.

Page 10
The Betterley Report

We have continued the approach we take in ■ Whether electronic funds transfer fraud of
our June “Cyber/Privacy Insurance Market Sur- the insured’s funds is covered
vey” report to use the “Theft (First-Party) Cov-
erage” table as well as the “Exclusions” table to ■ Whether coverage is offered for a custom-
capture the insurer’s coverage position regard- er’s loss of funds if they were deceived via
ing the theft of intellectual property. In asking a fraudulent communication purporting to
the insurers about this coverage, we empha- be from the insured
sized that it references the economic value of
■ Whether coverage is offered for a custom-
intellectual property. Unfortunately, we don’t
er’s loss of funds having bought from a
think that the responses are always accurate and
website purporting to be yours
will continue to refine them in our reports.
Theft of the economic value of intellectual Many organizations are experiencing cyber
property is a major breach exposure, and attacks that take control of data and demand a
insureds need coverage. For those interested, ransom payment to restore access. Coverage for
further investigation is recommended. these attacks may be a part of the policy’s theft
“Theft (First-Party) Coverage—Deceptive coverage, but given its prominence, we decided
Funds Transfer or Social Engineering” offer- that more specific information may be helpful
ings of each insurer for losses suffered by the to our readers.
insured because they were deceived into exe-
Two new tables have been created to pro-
cuting a funds transfer are provided in this
vide more specific information. They ask for
year’s report. These are often initiated by an
the following information.
email that purports to be from an authorized
executive telling the recipient to transfer funds ■ Is coverage offered?
to a fraudulent account (for example, an
account purported to be the vendor’s that turns ■ What is the coverage trigger?
out to be controlled by the thief).
■ The sublimit (if any)
These coverages are sometimes called social
engineering coverage, but we prefer the term ■ Deductible specific to this coverage
“deceptive funds transfer,” as not all coverages
are limited to social engineering. Another term ■ Does the coverage include the following?
used is business email compromise.
o Ransom payments
The table includes the following information.
o Incident response costs
■ The maximum limit available
o Cost of a ransom payment intermediary
■ The nature of the electronic missive covered (who handles the payment and recov-
(e.g., email, text, instant message, or phone) ery)

Page 11
The Betterley Report

■ Is payment in cryptocurrencies allowed? be met. Many insurers do not automatically

include subcontractors as insureds, although
■ Is the cost to rebuild or replace the affect- many can provide coverage by endorsement.
ed system covered (often recommended
instead of paying the ransom)? The definition of a “claim” also varies sig-
nificantly. Some insurers go to great lengths to
Liability define a “claim” and others use wording such as
“a demand seeking damages.”
Traditionally, bodily injury and property
damage losses were not covered by cyber poli- Coverage for liability arising out of alleged
cies. However, insurers should be changing media offenses has become a popular addition
their attitudes toward this. to cyber policies. As many insureds and their
brokers take cyber activities to mean “Internet”
AIG’s CyberEdge PC product introduced activities, accompanied by buzz about social
coverage that provides bodily injury and prop- networking, questions about coverage for libel,
erty damage protection that may result from a slander, and intellectual property are increas-
cyber attack. The coverage is provided on an ing. Many insureds are asking, “Where is the
excess and difference-in-conditions basis coverage?”
(meaning the insured’s other liability policies
will pay first, with CyberEdge stepping in Some coverage may already exist in the per-
where those policies do not cover, subject, of sonal injury portion of an existing general lia-
course, to its own coverage terms). bility policy. However, more specific—and
broader—coverage may be obtainable in a
Why may this be important? cyber policy.

■ Core commercial policies are increasingly This report includes a table that summarizes
often excluding cyber-related claims. the (optional) media liability coverage that they
may offer a cyber-risk insured. It includes the
■ It adds clarity in coverage for both the in- following information.
sured and the insured’s advisers.
■ Coverage that applies to all types of media
We think this coverage can be important and or is restricted to social media only
appealing to insureds. In 2015, a “Third-Party
Coverage: Bodily Injury and Property Damage” ■ Intellectual property rights that may be
table in this report was added asking the insur- covered
ers to indicate their position for both direct and
contingent bodily injury and property damage Claims Reporting,
coverage available in the cyber policies. ERP Options, and Counsel
The definition of “insured” differs on many Each liability policy reviewed is a claims-
policies, but special requirements can usually made form, so extended reporting period (ERP)

Page 12
The Betterley Report

options are important; look for bilateral ERP ■ Copyright infringement

wording.
■ Trademark or servicemark infringement
Selection of counsel continues to be a deli-
cate issue with insureds. As we frequently see ■ Patent infringement
in other new lines of coverage, insurers typi-
Generally, insureds should be careful to
cally reserve the right to select, or at least
review their exposures to these types of losses
approve, counsel. However, some insurers offer
and make sure they use insurers that are willing
an option for the insured to preselect counsel,
to offer the needed protections. Coverage for
while others allow selection from an existing
patent infringement, for example, is rarely (if
panel.
ever) offered in basic cyber-risk forms but can
As with all questions of counsel choice, we be purchased from a limited number of insurers
recommend that insureds discuss and agree as a separate intellectual property policy (as
with their insurer beforehand on the counsel discussed in the “Intellectual Property and
they want to use. Media Liability Insurance Market Survey“).

Generally, insurers can impose the infamous Exclusions

“hammer clause” on lawsuits that an insured
may not want to settle. The use of “soft” ham- Exclusions are many and varied, as would be
mer clauses continues to be prevalent in this expected; please read those tables carefully.
product line. The tables have been simplified by removing
exclusions primarily related to technology
Specific Coverages Included in Policy errors and omissions (E&O).

We have identified 10 specific coverages Rather than try to recite them here, the infor-
that may be, but are not always, included in a mation for each insurer is found in the “Exclu-
cyber-risk policy. They are the following. sions” tables. We include a question in the
“Exclusions 1” table, which asks whether the
■ Virus policy form includes an exclusion for failure to
maintain security standards. This is an
■ Unauthorized access
extremely troubling exclusion as it adds uncer-
■ Security breach tainty to the coverage.

■ Personal injury We have spoken with several underwriters

about this; our concern is that while an insured
■ Advertising injury is best served by adopting security procedures
and the insurer should consider those standards
■ Loss of use
(or the failure to adopt them) in the underwrit-
■ Resulting business interruption ing process, it is hardly fair to the insured to

Page 13
The Betterley Report

make the payment of a claim contingent upon tively new line of insurance, especially consid-
maintaining those standards. ering the wide array of potential services (and
potentially high cost).
At first, the requirement makes sense—it is
good for the insured, and it is reasonable for the But they are coming on strong—insurers
underwriter. The problem is, what happens now offer access to a broad array of pre- and
when the standards change or there is a mistake postbreach services, educational tools, and the
and the insured is out of compliance? like. These services would be useful to insureds
even if they did not access them through an
For us, the exclusion is hard to accept and insurer. But having an insurer identify, make
dangerous for the insured. An insurer may say known, and sometimes even help pay for these
that it would never apply the exclusion, but we services is a good thing.
would not be confident that it will never be
applied in the future. We have noted earlier that services designed
for healthcare insureds would be appealing and
We understand that warranties in the appli- perhaps even more effective than the services
cation should be enforceable, but this exclusion offered to the broader population of insureds.
goes too far. There are many cyber-security services that are
designed (or at least adapted) for healthcare
Risk Management Services organizations. Perhaps, insurers will begin to
adapt their services offerings to more specifi-
Cyber-related risk management services are
cally identify those services that are designed
an important product differentiator—a very
for health care.
positive development for the insureds, their
intermediaries, and the insurers themselves. For this report, we asked insurers to describe
Insureds and their advisers recognize the value services specific to healthcare insureds and to
that these services can bring. And insurers are separately identify those services they generally
becoming more convinced of their value in offer to all types of insureds.
controlling losses. But these services have a
long way to go before they reach their full Generally, insurers expect that the broad
potential. array of services are useful to healthcare
insureds, which we certainly think is true. How-
We have often commented on the parallels ever, more finely focused services for health
in services between the cyber-insurance line care exist and are offered.
and other lines, especially employment prac-
tices and property (highly protected risk partic- The generalized services often offered
ularly). Cyber-related risk management include the following.
services, while helpful, have been relatively
weak when compared with these other lines. ■ Active avoidance—Products and/or ser-
This is certainly understandable for a still rela- vices that help the insured actively protect

Page 14
The Betterley Report

data from breach or other covered loss (the additional and effective risk management tools
property analogy would be sprinklers), to their insureds.
which are intended to provide capabilities
that act independently to protect against The market is clearly maturing, coping with
activities that lead to breaches. a demanding claims environment. However, it
is doing a good job of offering quality cover-
■ Prebreach planning—These are services ages and services at reasonable prices.
and/or tools that help the insured to pre-
pare a contingency plan for use in the We see this as generally a good thing, as
event of a breach (think of disaster recov- insurers help encourage their insureds to be bet-
ery). ter protected against loss. Better-protected
insureds, through the positive influence of
■ Helpline—This is a staffed resource that cyber insurers, will make for a better claims
fields questions via telephone or email experience, a more stable market, and a safer
(think of an employment practices liability world.
insurance helpline).
But there is still far to go; the products too
■ Information portal—This is a source for often focus on breach of private data. Cover-
information and possibly tools to help in ages need to be broadened to include loss of
the management and response to data pro- intellectual property, resulting bodily injury and
tection and a breach. property damage, and damage to reputation.

Summary Some of these coverages will become more

widely available, we think, as insureds better
Cyber/privacy insurance is cautiously evolv- understand the actual risk and as they get better
ing in response to high demand, a high level of advice from their advisers.
claims, and an increasing type and level of
threats. Litigation over cyber policies contin- And more complete value-added risk man-
ues; recent court decisions will guide risk management services need to be made available to
agers and their advisers in the selection and insureds, scaled to their size and ability to use
negotiation of those policies. the services, and, of course, to the size of the
premium being charged. Services that are cus-
Insurers—especially those with lots of tomized for specific types of organizations,
cyber experience—are refining their under- such as health care, will become important to
writing tools, making increasingly valuable insurers (and insureds) that want to use best
risk management services available to their practices.
insureds and helping intermediaries better
understand the coverages that are needed. And Insurers will struggle with filtering out the
as is true of the cyber market in general, non- sometimes-optimistic claims of some cyber-
traditional sources of coverage are bringing security providers, who rightfully see the cyber-

Page 15
The Betterley Report

insurance business as a huge opportunity to We started researching cyber insurance in

grow their businesses. But insurers have limited 2000; little did we know that the product would
budgets to provide these services, so getting it be so important, so widely needed, and so fasci-
right will be vital to both the insurers and to nating. And there is more to come, especially in
their insureds. market segmentation.

* * * * * *

About the Author

Richard S. Betterley is the president of Betterley Risk Consultants (BRC), an independent

insurance and alternative risk management consulting firm. BRC, founded in 1932, provides
independent advice and counsel on matters important to the commercial property and casualty
insurance industry and its customers, alternatives to traditional insurance, and related services
throughout the United States. It does not sell insurance or related services.

Mr. Betterley is a frequent speaker, author, and expert witness on specialty insurance products and related
services. He is a member of the Professional Liability Underwriting Society. He joined the firm in 1975.

Mr. Betterley created The Betterley Report in 1994 to be the objective source of information about specialty
insurance products. Now published six times annually, The Betterley Report is known for its in-depth coverage
of management liability, cyber risk, privacy, intellectual property, and media insurance products.

Our reports are written for insureds, their advisers, and others interested in identifying which insurers are active
in their market, the distinctions between the many products offered, and trends in the marketplace. It does not
accept advertising or paid placement, ensuring our readers of the objectivity and completeness of our view of the
market.

Page 16
The Betterley Report

Contact and Product Information

Product
Name and
Primary Contact Type
Date Product Was First Introduced
Insurer/ Title (Liability
and
Date of Our Company Name Only,
Website Address for Product
Survey Mailing Address Property
Information
Phone/Email Only, or
Combined
Product)
Tracie Grella
Cyber Product Leader -Global
AIG AIG
netAdvantage introduced 1999
AIG CyberEdge updated 2013 with CyberEdge Plus added in
October 1271 Avenue of the Americas
CyberEdge® 2016
NY, NY 10019
2023 P: 212.458.1875
www.aig.com/cyber
[email protected]
Allianz Tresa Stephens
Global Cor- Head of Cyber North America Cyber 2020— Cyber Evolutionär
Allianz Global Corporate & Specialty Evolutionär
porate & 28 Liberty Street, 24th/25th Floor
Specialty New York, NY 10005 ACCEPT
October P: 917-833-4026 Protect 2016—ACCEPT Protect
[email protected]
2023
Jason W. Glasgow, Esq.
Senior Vice President, Cyber Lead
Allied World Allied World
Allied World has been writing Cyber since 2008.
Allied World Allied World Cyber was introduced in 2018.
October 1690 New Britain Ave
Cyber www.alliedworldinsurance.com/usa-professional-liability-
Farmington, CT 06032
2023 P: 860-284-1654
cyber-liability
[email protected]
At-Bay Michael Drummond
At-Bay Cyber Introduced August 2018
October Head of Cyber and Tech E&O
Insurance Policy www.at-bay.com/insurance/cyber/
[email protected]
2023
Paul Bantick
Group Head of Cyber Risks
Beazley Beazley Group plc Beazley Breach Beazley Breach Response introduced 2009, last updated
October 22 Bishopsgate Response and November 2017
London, EC2N 4BQ Beazley InfoSec Beazley InfoSec introduced 2006, last updated May 2018
2023 P: +44 (0)20 7674 7250
[email protected]
Berkley
Tracey Vispoli, President
Cyber Risk 412 Mt. Kimble Ave, Suite G50 Original product launched 2017
Berkley Cyber
Solutions Morristown, NJ 07960
Risk ProtectSM
Latest version: February 2018
P: (973)775-7494 www.berkleycyberrisk.com
October [email protected]
2023

Page 17
The Betterley Report

Contact and Product Information

Product
Name and
Primary Contact Type
Date Product Was First Introduced
Insurer/ Title (Liability
and
Date of Our Company Name Only,
Website Address for Product
Survey Mailing Address Property
Information
Phone/Email Only, or
Combined
Product)
Cyber 3.0
Combined
cyber, privacy
and media (in-
cluding first and
third party)
Cyber
James Burns Healthcare
CFC Head of Cyber As above but
Original product launched 1999, latest version:
85 Gracechurch St specific to
October London EC3V 0AA healthcare sec-
February 2018
www.cfcunderwriting.com
2023 P: +44(0)207 220 8500 tor (Cyber 3.0
[email protected] updates to be in-
corporated into
healthcare form
shortly)
Corporate Cyber
Product for the
$2 billion+
companies
Cyber Enter-
prise Risk Man-
agement (US
Matt Prevost, Senior Vice President Policy form).
Chubb Chubb, NA Cyber ERM: 2016 & 2017. First Chubb cyber product(s)
436 Walnut Street Additional written in 1998
October Philadelphia, PA 191006 multi-line prod- www.chubb.com/us-en/business-insurance/products/cyber-
2023 (215) 640-1859 uct(s) include insurance.html
[email protected] CyberERM (in-
ternational
form) & Integ-
rity+ by Chubb.
Steve Brugger
Product Director Cincinnati
Cincinnati Cincinnati Insurance Co. Cyber Defense March 2016
October 6200 S. Gilmore Rd. (combined first Revised August 2020
Fairfield, OH 45014 and third party) www.cinfin.com/
2023 P: 513-603-5269
[email protected]
Shawn Ram
Head of Insurance
Coalition 55 2nd Street
Coalition Cyber January 2018
October Floor 25
Policy www.coalitioninc.com
San Francisco, CA 94105
2023 P: 415-429-3046
[email protected]

Page 18
The Betterley Report

Contact and Product Information

Product
Name and
Primary Contact Type
Date Product Was First Introduced
Insurer/ Title (Liability
and
Date of Our Company Name Only,
Website Address for Product
Survey Mailing Address Property
Information
Phone/Email Only, or
Combined
Product)
Brian Alva
Corvus In- Head of Cyber Underwriting
Corvus Insurance Holdings
surance 100 Summer St
Smart Cyber In- June 2018
October surance www.corvusinsurance.com
Boston, MA 02211
2023 Phone: 213-908-1872
[email protected]
Chris Hojnowski
Cyber Product Head
Hiscox Hiscox USA First offered in 1998
Hiscox
October 90 Park Avenue, 27th Floor
CyberClear
Product updated Q4 2019
New York, NY 10016 www.hiscox.com/brokers
2023 P: 201-401-8809
[email protected]
Brian Ross
Liberty Mu- Underwriting Manager Financial
Lines – Cyber, Tech, MPL
tual / Iron- Liberty Mutual Insurance / Ironshore
Data Insure 2.0
February 2012
First- and third-
shore 28 Liberty Street
party cyber cov-
business.libertymutual.com
5th Floor www.Ironshore.com
October New York, NY 10005
erage
2023 P: 646-826-6758
[email protected]
Yosha DeLong
Mosaic In- Global Head of Cyber
Mosaic Insurance
surance 65 W. 36th St, 8th Floor
Mosaic Cyber May, 2023
October New York, NY 10018
Insurance Policy www.mosaicinsurance.com
2023 P: 312-952-4191
[email protected]
Charles Pruzinsky
Resilience Chief Underwriting Officer
Resilience December 2020
October Resilience Cyber Insurance Solutions
Cyber www.resilienceinsurance.com
275 Madison Avenue
2023 New York, NY 10016
John Menefee
CyberRisk Product Manager
Travelers Bond & Specialty Insur-
ance
Travelers 6150 Oak Tree Blvd.
CyberRisk—for
CyberRisk for bond and specialty insurance launched in
Independence OH 44131 2011. The form was revised and enhanced in 2020. Began
October P: 216-643-2197
private and non-
writing cyber for health care in 2015.
profit entities
2023 [email protected] www.travelers.com
Tim Francis
Travelers Enterprise Cyber Lead
P: (860) 277-0473
[email protected]

Page 19
The Betterley Report

Contact and Product Information

Page 20
The Betterley Report

Product Description (In the Insurer’s Own Words)

Insurer Products Offered to Healthcare Insureds
AIG CyberEdge is a comprehensive risk management solution for cyber insurance that provides an additional layer of
defense to a company’s own IT department as well as strong protection in the event of a data breach. AIG’s solution pro-
vides risk consultation and prevention, along with the CyberEdge policy which allows the applicant to select the appro-
priate coverage as outlined below:
- Security & Privacy Coverage: Defense and indemnity for legal liability to others arising from a network secu-
rity failure or privacy event.
- Event Management - responds to the costs to retain public relations services to assist in managing and miti-
gating a covered privacy or network security incident.
- Information Asset: First-party coverage for the cost to recreate or restore data or information destroyed from
a failure of network security.
- Network Interruption: responds to an insured’s loss of income and operating expenses when business opera-
tions are interrupted or suspended due to a failure of network security.
AIG - Cyber Extortion: pays to settle network security related extortion demands made against the insured.
- CyberEdge Plus – expanded Network Interruption: covers business income loss and expenses to reduce loss
as a result of breach involving property damage
- CyberEdge Plus – First Party Property Damage: covers physical loss or damage to insured property as a re-
sult of a breach
- CyberEdge Plus - Third Party Bodily Injury & Property Damage: covers bodily injury or damage to others’
property caused by a breach
- CyberEdge Plus – Products/Completed Operations Coverage: covers bodily injury or property damage caused
by a breach of a computer system that is part of an insured’s product
Eligible CyberEdge policyholders may have access to complimentary tools and services that will provide knowledge,
training, security, and consultative solutions. Clients can also improve their level of protection and preparation by taking
advantage of additional services at preferred rates from AIG’s cyber risk consultants and our expert partners. Visit
www.aig.com/CyberRiskConsulting to learn more.
AGCS provides a comprehensive suite of offering via the Evolutionar and ACCEPT products, including a variety of
E&O modules and first and third party cyber-related coverages.
 Third Party Liability Coverage grants:
o Privacy and Network security liability - for personal & corporate data and for hacked or compro-
mised systems including denial of service attacks
o Regulatory Claim Liability
o PCI Liability – for E-payment liability, PCI fines and penalties coverage
o Media liability - for digital publications
o Tech E&O
o Miscellaneous E&O
o Employed lawyers
Allianz (AGCS)  First Party Coverage grants:
o Incident Response
 Data breach costs - including notification costs & IT forensic costs
 Restoration costs for data & programs - resulting from a cyber business interruption
event
 Crisis communication - to mitigate reputational damage
o Cyber Extortion Loss
o Business interruption - caused by a cyber incident
o Dependent business interruption
o Reputational harm
o Various cybercrime extensions
Allied World Cyber policy is modular and provides the following coverages: Network Security and Privacy Liability;
Media Liability; Professional Services E&O Liability; Technology Services E&O Liability; Incident Response, which
consists of Breach Consultation, Data Forensics, Breach Response and Public Relations (each of which is available in
addition to the aggregate limit); PCI Expenses; Network Extortion; Cyber Crime (including Social Engineering Fraud,
Funds Transfer Fraud and Telecommunications Fraud); Data Restoration; Business Interruption (including System Fail-
Allied World ure and Contingent Business Interruption); Supplemental Expenses; and Disciplinary Proceedings coverage; as well as
Contingent System Failure, Bricking, and Reputational Harm via Endorsement
In addition, the product provides our Insureds with access to FrameWRXSM, a managed platform that provides a set of
cyber risk management solutions. Developed in conjunction with key vendors, it offers services designed to enhance an
organization’s cyber security preparedness and their ability to respond to an event.

Page 21
The Betterley Report

Product Description (In the Insurer’s Own Words)

Insurer Products Offered to Healthcare Insureds
At-Bay’s Cyber Insurance Policy base form provides comprehensive cyber coverage, plus At-Bay Stance is provided as
part of the insured’s policy. At-Bay Stance is a managed risk solution for keeping digital risk at bay. It combines mis-
sion-critical products and services that reduce cyber risk by centralizing and prioritizing threats, including access to on-
demand experts to advise on security issues, an easy-to-use dashboard with proactive network security scans, and access
to exclusive discounts on software and services identified as most effective at reducing cyber risk. Standard cyber cover-
age and services include the following:

Standard Cyber coverages include:

● Information Privacy Liability & Event Response
● Regulatory Liability & Event Response
● PCI-DSS Liability & Event Response
● Network Security Liability & Event Response
● Direct and Contingent Business Interruption
● Cyber Extortion Liability
At-Bay ● Financial Fraud including Social Engineering & Computer Fraud
● Media Content Liability & Event Response
Standard additional coverages:
● Reputational Harm
● Contingent and Direct System Failure
● Voluntary & Preventative Shutdown Coverage
● Invoice Manipulation Coverage
● Funds Transfer Fraud Coverage
● Bricking Coverage
● HIPAA/HITECH/PCI-DSS Betterment Coverage
● Voluntary Notification Costs
● Contingent Bodily Injury
● Cryptojacking & Utility Fraud
At-Bay Stance
The Beazley Breach Response (BBR) and Beazley InfoSec (InfoSec) policy forms provide coverage for:
BREACH RESPONSE
Breach Response Services (BBR Form)
Beazley’s innovative Breach Response policy provides comprehensive breach response services through its industry lead-
ing BBR Services group that works with Insureds and Beazley’s network of breach response service providers to thor-
oughly and efficiently respond to a breach incident. The limit of coverage applicable to Breach Response Services separate
from and in addition to the policy aggregate limit of liability. BBR’s Breach Response Services include: (i) for an attorney
to provide necessary legal advice to the Insured Organization; (ii) for a computer security expert to determine the existence,
cause and scope of an actual or reasonably suspected Data Breach, and to assist in containing it; (ii) for a PCI Forensic
Investigator to investigate the existence and extent of an actual or reasonably suspected Data Breach involving payment
card data and for a Qualified Security Assessor to certify and assist in attesting to the Insured Organization’s PCI compli-
ance, as required by a Merchant Services Agreement; (iv) to notify those individuals whose Personally Identifiable Infor-
mation was potentially impacted by a Data Breach; (v) to provide a call center to respond to inquiries about a Data Breach;
(vi) to provide a credit monitoring, identity monitoring or other solution to individuals whose Personally Identifiable In-
formation was potentially impacted by a Data Breach; and (vii) public relations and crisis management costs directly
related to mitigating harm to the Insured Organization .
Beazley Breach Response Costs (InfoSec Form)
Coverage for costs incurred by the Insured Organization for the services listed above.
FIRST PARTY LOSS
Business Interruption Loss (Both Policy Forms)
Coverage for income loss and forensic expenses sustained by the Insured Organization as a result of interrupted business
operations following a security breach or system failure.
Dependent Business Interruption Loss (Both Policy Forms)
Coverage for income loss sustained by the Insured Organization as a result of interrupted business operations following a
security breach or system failure at an entity that is not part of the Insured Organization but which provides products or
services to the Insured Organization pursuant to a written contract.
Cyber Extortion Loss (Both Policy Forms)
Coverage for payments made by or on behalf of the Insured Organization to prevent or respond to a threat to (i) alter
destroy, damage, delete or corrupt data; (ii) perpetrate the unauthorized access or use of the Insured Organizations com-
puter systems; (iii) prevent access to the Insured Organization’s computer systems; (iv) steal, misuse or publicly disclose
data, personally identifiable information or third party information; (v) introduce malicious code into the Insured Organi-
zation’s computer systems; (vi) interrupt or suspend the Insured Organization’s computer systems.
Data Recovery Costs (Both Policy Forms)

Page 22
The Betterley Report

Product Description (In the Insurer’s Own Words)

Insurer Products Offered to Healthcare Insureds
Coverage for necessary costs incurred by the Insured Organization to regain access to, replace or restore software or elec-
tronic data as the direct result of a security breach.
LIABILITY
Data & Network Liability (Both Policy Forms)
Coverage for: (i) theft, loss or unauthorized disclosure of personally identifiable information or third party information;
(ii) alteration, corruption, destruction, deletion, or damage to a data asset stored on computer systems; (iii) failure to pre-
vent transmission of malicious code from computer systems to third party computer systems; (iv) participation by the
Insured Organization’s computer system in a denial of service attack directed against a third party computer system; (v)
failure to timely disclose a covered breach incident in violation of any breach notice law; (vi) failure to comply with a
privacy policy; and (vii) failure to administer an identity theft program or information disposal program as required by
specified federal law.
Regulatory Defense and Penalties (Both Policy Forms)

Penalties that the Insured is legally obligated to pay because of a regulatory proceeding resulting from a covered breach
incident
Payment Card Liabilities & Costs (Both Policy Forms)
Coverage for monetary fines and penalties owed by the insured under a Merchant Services Agreement.
Media Liability (Both Policy Forms)
Covers the creation, display, broadcasting, disseminating or releasing of media material (words, sounds, numbers, im-
ages or graphics) by or on behalf of the Insured Organization (both off-line and on-line covered).
ECRIME
Fraudulent Instruction (Both Policy Forms)
Coverage for any direct financial loss sustained by the Insured Organization resulting from the transfer, payment or deliv-
ery of money or securities as a result of a fraudulent written, electronic, telegraphic, cable, teletype or telephone instruction
provided by a third party with the intent to mislead the Insured Organization.
Funds Transfer Fraud (Both Policy Forms)
Coverage for any direct financial loss sustained by the Insured Organization resulting from fraudulent written, electronic,
telegraphic, cable, teletype or telephone instruction by a third party issued to a financial institution directing said institution
to transfer, pay or deliver money or securities from any account maintained by the Insured Organization without the Insured
Organization’s knowledge or consent.
Telephone Fraud (Both Policy Forms)
Coverage for any direct financial loss sustained by the Insured Organization resulting from a third-party gaining access
to and using the Insured Organization’s telephone system in an unauthorized manner.
Berkley Cyber Risk ProtectSM provides first and third-party cyber coverage for emerging Healthcare exposures, comple-
mented by pre- and post-breach services. Expansive first and third-party coverages that provide options for separate lim-
its and retentions, subject to an annual policy aggregate, allowing flexibility to choose only coverages meeting policy-
holder needs. Optional notification & ID monitoring outside the limit is available and is built into the policy.

Berkley Cyber Risk ProtectSM policyholders are automatically afforded the Supplemental Coverage which provides for a
return premium to reimburse eligible expenses the insured incurs during the policy period to mitigate against the likeli-
hood and severity of a future Data Security Event.

Available third-party coverages include:

 Data Security & Privacy,
 Regulatory Defense, Fines and Penalties,
 PCI-DSS, and
Berkley Cyber Risk  Cyber Media
Available first party coverages include:
Solutions  Data Breach Response Expenses, including Data Restoration
 Optional Notification & Monitoring cost outside the policy aggregate limit
 Business Interruption/Extra Expense
 System Failure Business Interruption/Extra Expense
 Contingent Business Interruption/Extra Expense
 Reputational Risk Income Loss
 Ransomware Extortion
 Cyber Crime Loss
 Social Engineering Loss
Additional policy features provided to policyholders include:
 24-hour breach hotline for assistance
 Zero retention for use of preferred breach counsel
 Accounting Forensic Services Expenses of $ 50,000 not subject to the aggregate limit

Page 23
The Betterley Report

Product Description (In the Insurer’s Own Words)

Insurer Products Offered to Healthcare Insureds
Cyber Healthcare is a comprehensive first- and third-party cyber, privacy and media policy designed to cover the major
risks associated with the use of data and technology and to protect the unique exposures faced by the healthcare industry.
Designed to plug the gaps left by most traditional insurance policies, Cyber Healthcare has evolved over a period of
more than fifteen years to address the changing risk profile of companies that rely on technology to run their business.
Policy highlights include:
Each and every claim limit on first party cyber cover: this reinstates the limits in full for unconnected cyber claims
Discovery based trigger with full prior acts as standard
Management liability arising from a cyber attack
Bodily injury arising from a cyber attack
Corrective action plan costs cover – unique to healthcare entities
Separate limit for all incident response costs with nil deductible as standard for initial response
Comprehensive privacy liability including: full limits for regulatory actions, cover for contractual breaches (including
NDAs, confidentiality indemnities, merchant agreement breaches, and breaches of companies own privacy policy), and
cover for PCI related fines and penalties.
Privacy breach notification including: legal costs to draft letters, cost to administer breach response, cost to cover fo-
CFC rensic investigations, and credit monitoring
Comprehensive cyber liability including: virus and hacking liability cover
Comprehensive media cover including: on and offline media, IP infringement, defamation, negligent content, social
media and user generated content
System damage and business interruption including: all risks data recovery and system restoration, loss of revenue
cover arising from virus, hacking, or malicious insider. Cover extends to third party hosting companies.
Consequential reputational harm cover including cover for loss of profits occurring as a result of damage to the brand
due to a security breach or system downtime
Cybercrime cover including cover for unauthorized transfer of funds, telephone hacking, phishing scams, social engi-
neering and theft of personal funds.
Technology E&O
Cyber Healthcare includes the above cover plus specific covers for business interruption tailored to the healthcare sector,
cover for corrective action plan costs and cover for post-breach remediation services.
Corporate cyber offer large limits (up to $50 million) to protect against catastrophic data breach and system outage
events.
With Chubb’s Cyber ERM policy, insureds have access to a distinctive level of cyber protection that only Chubb can
offer: market-leading cyber insurance backed by the financial strength of Chubb’s AA+ balance sheet, accompanied by
extensive loss mitigation and incident response services that are available to all Chubb Cyber customers in North Amer-
ica.
Base Insuring Agreements:
Cyber Incident Response Fund: Legal fees, forensics, notification costs, credit monitoring, public relations, etc.
Business Interruption: Loss of profits and expenses from interruptions of insured’s systems; and with Contingent Busi-
Chubb ness Interruption, adds losses from interruptions of others’ systems;
Digital Data Recovery: Costs to restore or replace lost or damaged data or software
Telephone Toll Fraud: Costs incurred as phone bill charges due to fraudulent calling
Network Extortion: Payments to prevent digital destruction/ impairment
Cyber, Privacy and Network Security Liability: Failure to protect private or confidential information of others, and fail-
ure to prevent a cyber incident from impacting others’ systems
Media Liability: Copyright and trademark infringement within scope of defined media content
Cincinnati Cyber Defense combines first and third-party coverages to include:
Response Expenses – Pays costs your client incurs by responding to a data breach and includes expenses for providing
services to assist your client’s customers, employees and others affected by the breach such as: Forensic information
technology services, loss of income due to reputational harm, legal review to help to determine notification require-
ments, preparation of notification letters, services to help individuals affected by the breach, public relations services and
reward payments
Computer Attack – Helps your client’s business recover after a cyberattack and pays for: data restoration, data re-crea-
tion, system restoration, public relations expenses, telecommunications fraud and reward payments
Cincinnati Loss of Business Income - Loss of income due to a computer attack or system failure, and includes coverage for: Contin-
gent losses arising from IT service providers, extended income recovery, voluntary shutdown to reduce insured loss or at
the request of law enforcement
Cyber Extortion - Pays for the cost of an investigator your client retains relative to an extortion threat – including ran-
somware and includes reward payments
Identity Recovery - Protects qualifying owners or key employees of the insured business if they become identity theft
victims, whether or not the identity theft is related to a data compromise at their businesses
Data Compromise Liability - Pays on behalf of your client the expenses that result from legal or regulatory actions
against your client arising from a data breach or privacy violation. Also includes regulatory and PCI fines and penalties

Page 24
The Betterley Report

Product Description (In the Insurer’s Own Words)

Insurer Products Offered to Healthcare Insureds
Network Security Liability - Protects your client’s business from third-party liability and pays claims on behalf of your
client if weakness in your computer system’s security is exploited by a cyberattack
Media Liability - Provides coverage for defense and settlement costs and pays on behalf of your client expenses incurred
if a third party sues your client claiming that your client’s electronic or other communications resulted in: defamation,
violation of a person’s right of privacy, interference with a person’s right of publicity and infringement of copyright or
trademark
Coalition is an insurance and cyber risk management firm dedicated to managing and mitigating technological (i.e.,
cyber) risk. Its mission is to solve cyber risk by helping organizations remain resilient to the pervasive and dynamic risks
that accompany technology adoption. The company does this by combining insurance, cybersecurity, and technology to
deliver a comprehensive offering to solve cyber risk:
- Insurance – broad form offering:
o Network and Information Security Liability
o Technology Errors & Omissions
o Regulatory Defense and Penalties
o Multimedia Content Liability
o PCI Fines and Assessments
o Breach Response (provided outside the limits)
o Crisis Management and Public Relations
o Reputation Repair
o Reputational Harm Loss
o Cyber Extortion
Coalition o Business Interruption and Extra Expenses (as low as 1 hour waiting period)
o Digital Asset Restoration
o Funds Transfer Fraud
o Service Fraud (incl. cryptojacking)
o Computer Replacement (including bricking coverage)
o Bodily Injury and Property Damage (1st and 3rd Party)
o Pollution
o Invoice Manipulation
o Criminal Reward Coverage
o Court Attendance Costs
- Cybersecurity
o Cyber risk assessment and recommendations
o Active risk mitigation apps and tools (DDoS mitigation, bug bounty, credential monitoring, etc.)
o Captive incident response and security capabilities

Captive incident response capabilities – provided outside the limits and at $0 retention
Smart Cyber Insurance is a technology-enabled monoline cyber liability policy that utilizes best-in-class web scanning
tools to assess an organization’s IT security hygiene throughout the policy period. Policyholders are provided with risk-
prioritized assessments that may red-flag cyber vulnerabilities arising from internal and external sources. Smart Cyber
Insurance includes broad first party and third party insuring agreements in the base policy form, including: Network Se-
Corvus curity and Privacy Liability, Regulatory Investigations, Fines, and Penalties, Media Liability, PCI DSS Assessment Ex-
penses, Breach Management Expenses, Business Interruption, Contingent Business Interruption, Digital Asset Destruc-
tion, System Failure Coverage, Social Engineering and Cyber Crime, Reputational Loss, Cyber Extortion and Ransom-
ware, and Court Attendance Costs. Additional coverage enhancements may be available via endorsement.

Page 25
The Betterley Report

Product Description (In the Insurer’s Own Words)

Insurer Products Offered to Healthcare Insureds
Hiscox CyberClear is a modular policy with separate coverage parts sharing common General Terms and Conditions.
The cyber insuring agreement is focused on the loss that has occurred, and includes cover for:
 Breach Costs
 Liability
 Regulatory defence and penalties
 Cyber Extortion Costs
 Business Interruption Costs, and
Hiscox  Data Recovery Costs
arising out of a Data Breach, Security Failure or Extortion Threat. In addition to coverage for Bricking Costs, Cyber
Crime (Social Engineering, Funds Transfer, Reverse Social Engineering), Dependent Business Interruption, Dependent
System Failure, Reputational Harm, Supplemental Payments, System Failure, and Utility Fraud is also offered.
Cover is available for Digital Media Liability, Technology Liability, or Professional Liability under the same policy
form.
Hiscox CyberClear also offers Value-add prevention and response services such as AI powered cyber security solutions
through Paladin Shield and eRisk Hub
DataInsure 2.0 is a broad stand-alone Cyber form that provides critical first- and third-party protection against a variety
of network security and privacy exposures due to ransomware, malware, data breaches, social engineering and more.
Standard Coverage
 Privacy and network security liability
 Media Liability
 Regulatory proceedings, fines, and penalties
 Privacy breach expenses
 Network Asset Loss
 Business Interruption
 Dependent Business Interruption
 Cost of forensic accountant within business interruption insuring agreement
 Voluntary notification
 Bricking
 Unauthorized collection
Optional Coverage
 System failure
Liberty Mutual/Ironshore  Dependent system failure
 Funds Transfer Fraud
 Invoice Manipulation
 Reputational Harm
 PCI Assessments
 Voluntary Shutdown
 Cryptojacking fraud
 Telecommunications Fraud
 Compromised plastic card re-issuance
Additional policy benefits
 Complimentary access to risk management, training and compliance materials
 Access to virtual CISO privacy hotline
 Dedicated in-house cyber claims team
 Claim notification via cyber response smartphone app
 24/7 data breach hotline
Coverage also available within Blended Technology and Miscellaneous Professional policy form TechInsure 2.0.

Page 26
The Betterley Report

Product Description (In the Insurer’s Own Words)

Insurer Products Offered to Healthcare Insureds
Flexible and creative underwriting approach
Direct access to decision-making, experienced underwriters
Experienced, in-house claims handling
Wholly owned Lloyd’s Syndicate + syndicated third-party capital
Global 24/7 incident response
Global underwriting capabilities
PRIMARY
Straightforward and simplified policy language
Mosaic Insurance Security and privacy liability coverage
Regulatory proceedings
Business interruption coverage
Voluntary shutdown
Inclusive of betterment & bricking coverage
Cyber extortion coverage
EXCESS
Follow-form cyber and tech E&O coverage
Minimum attachment: none
The Resilience Cyber product offers a comprehensive range of coverage in a streamlined policy form, with each cover-
age grouped within one of three “Coverage Genres”:
COVERED COSTS
 Response Costs: Following an actual or suspected data breach or security failure the Resilience Cyber policy will
cover all costs for an insured to respond to the incident.
 Data Recovery Costs: Following a security failure or system failure, the Resilience Cyber policy will cover costs for
an insured to regain access to or restore compromised data.
 Hardware Replacement Costs: Following a security failure, the Resilience Cyber policy will cover costs for an in-
sured to replace computers and associated devices/equipment that are unable to function due to corruption or destruc-
tion of software/firmware.
 Reward Costs: Following a security failure, the Resilience Cyber policy will cover rewards offered by an insured for
the arrest/conviction of the perpetrator.
COVERED LOSS
 Insured Interruption Loss: Following a security failure, system failure or intentional shutdown of an insured’s com-
puter systems, the Resilience Cyber policy will cover losses resulting from the interruption of such insured’s business
operations.
 Vendor Interruption Loss: Following a security failure or system failure of an insured’s vendor, the Resilience Cyber
policy will cover losses resulting from the interruption of such insured’s business operations.
 Extortion Loss: Following an extortion threat/ransomware incident, the Resilience Cyber policy will cover losses
incurred by an insured to secure digital currency and/or services necessary to end or prevent such threat or incident.
 Reputation Loss: Following an adverse publication regarding a data breach, security breach or extortion threat of an
insured, the Resilience Cyber policy will cover losses incurred by the insured as a result of such adverse publication.
Resilience  Telephone Fraud Loss: Following an incident of telephone fraud, the Resilience Cyber policy will cover direct finan-
cial losses incurred by the insured as a result of increased utilities arising from such telephone fraud.
 Cryptojacking Loss: Following an incident of cryptojacking, the Resilience Cyber policy will cover direct financial
losses incurred by the insured as a result of increased utilities arising from such cryptojacking.
 Social Engineering Loss: Following a fraudulent instruction/social engineering incident, the Resilience Cyber policy
will cover direct financial losses incurred by the insured as a result of an insured’s transfer of money and/or securities
to a fraudulent third party.
 Invoice Manipulation Loss: Following the release of a fraudulent invoice to the client or customer of an insured as a
result of a security failure, the Resilience Cyber policy will cover direct net losses arising out of the insured’s inability
to collect payment for goods or services that had been rendered.
 Transfer Fraud Loss: Following a fraudulent instruction to an insured’s financial institution, the Resilience Cyber
policy will cover direct financial losses arising out of such financial institution’s transfer or money and/or securities to
a fraudulent third party.
COVERED LIABILITY
 Data & Network Liability: Following a data breach, security failure, violation of privacy policy, the Resilience Cyber
policy will cover an insured’s liability arising out of such incident.
 Bodily Injury Liability: Following a security failure resulting in bodily injury, the Resilience Cyber policy will cover
an insured’s liability arising out of such incident.
 Regulatory Liability: Following a data breach or security failure resulting in regulatory requests, demands or proceed-
ings, the Resilience Cyber policy will cover an insured’s liability arising out of such incident.
 Merchant Services Liability: Following a data breach resulting an insured’s breach of terms under a merchant services
agreement, the Resilience Cyber Policy will cover an insured’s liability arising out of such incident.

Page 27
The Betterley Report

Product Description (In the Insurer’s Own Words)

Insurer Products Offered to Healthcare Insureds
 Media Liability: Following a covered media peril/media wrongful act with respect to an insured’s offline and/or online
content, the Resilience Cyber policy will cover an insured’s liability arising out of such incident.
CyberRisk is offered standalone and fits within the modular suite of management liability products: Wrap+ for private
and non-profit companies; Executive Choice+ for publicly traded companies; and Select One+ for financial institutions.
16 separate Insuring Agreements with separate limits and retentions: three for liability and 13 for first party coverage:
Privacy And Security is triggered by loss from a claim of (1) failure to prevent loss, theft, or unauthorized access to
confidential information; (2) failure to destroy confidential information; (3) a violation of law alleged in connection with
(1) or (2); (4) failure to provide notice of actual or potential loss, theft, or unauthorized access to confidential infor-
mation where such notice is required by law; (5) failure to comply with publicly available written policies or procedures
regarding confidential information; (6) unauthorized, unlawful, or wrongful collection of confidential information; or (7)
the failure to prevent a security breach, directly resulting in the: (a) alteration or deletion of confidential information; (b)
transmission of a virus into another’s computer or network; (c) participation in a DoS attack; or (d) failure to provide an
authorized user with access to the insured’s computer system.
Media is triggered by loss from a claim of (1) unauthorized use of copyright, title, slogan, trademark, trade dress, service
mark, domain name, logo, or service name; (2) unauthorized use of literary or artistic format, character, or performance;
(3) violation of an individual’s right of privacy or publicity; (4) defamation, libel, slander, trade libel, or other tort related
to disparagement or harm to the reputation or character of any person or entity; (5) the misappropriation of ideas under
an implied contract; (6) improper deep-linking or framing; or (7) unfair competition, when alleged in connection with (1)
through (6).
Regulatory Proceedings pays for defense costs, civil money fines, civil penalties, and amounts deposited in a consumer
redress fund, imposed in a regulatory proceeding, to the extent insurable under the most favorable applicable law. Such
regulatory proceedings must stem from a privacy and security or media act.
Privacy Breach Notification pays reasonable costs or fees paid voluntarily or as required by agreement or law; for
printing and delivering notice to; providing credit or identity monitoring to; call center services for; costs to purchase an
identity fraud insurance policy to benefit natural persons; or other services to mitigate loss or provide notices to, persons
or entities whose confidential information was, or is suspected to have been, stolen or lost, or accessed or disclosed with-
out authorization.
Computer And Legal Experts pays for reasonable fees or costs for services to: conduct a forensic analysis to determine
the existence and cause of a privacy breach or security breach; determine whose confidential information was lost or sto-
len, or accessed or disclosed without authorization; contain or stop a privacy breach or security breach in progress; cer-
Travelers tify the computer system meets payment card security standards, if a security breach discovered during the policy period
results in noncompliance with such standards; or provide legal services to respond to a privacy breach or security breach.
Betterment reimburses for reasonable costs for hardware or software to improve a computer system after a security
breach, if: (1) the security breach has been stopped or contained; (2) such breach resulted in covered computer and legal
expert costs; (3) the approved provider who provided computer services in response to such security breach identified a
weakness in a computer system that caused or contributed to the security breach; and (4) such approved provider recom-
mends the improvements to prevent a future security breach from exploiting such weakness.
Cyber Extortion pays for expenses the insured incurs responding to an external threat of access to or disclosure of con-
fidential information, an insured entity’s information without authorization, or to commit or continue a security breach.
Data Restoration reimburses for costs incurred to restore or recover damaged or destroyed computer programs, soft-
ware, and electronic data following a security breach.
Public Relations reimburses the insured for public relations services related to an actual or suspected privacy breach,
security breach, or media act.
Computer Fraud to cover the insured’s direct loss caused by fraudulent entry of data into the insured’s computer sys-
tem.
Funds Transfer Fraud reimburses the insured for direct loss caused by fraudulent instructions sent to the insured’s fi-
nancial institution.
Social Engineering Fraud pays for the insured’s loss of money or securities due to a party impersonating another party,
and fraudulently providing instructions to an employee to transfer funds.
Telecom Fraud pays for charges by a telephone service provider resulting from an unauthorized person accessing or
using an insured’s telephone system.
Business Interruption pays for loss of income and expenses to restore operations as a result of a computer system dis-
ruption caused by a security breach, an accidental, unintentional, and unplanned interruption of the insured’s computer
system, or for the voluntary shutdown of systems to minimize the impact of a security breach or privacy breach.
Dependent Business Interruption pays for loss of income and expenses to restore operations as a result of an interrup-
tion to the computer system of a third party the insured relies on to run its business.
Reputation Harm pays for loss of income that occurs as a result of damage to an insured’s reputation when an actual or
potential privacy breach, security breach, or notification becomes public.

Page 28
The Betterley Report

Product Description (In the Insurer’s Own Words)

Insurer Products Offered to Healthcare Insureds
The Zurich Cyber Insurance Policy (ZCIP) makes the following available via the base form: Security Liability, Privacy
Liability Media Liability, Regulatory Proceedings Defense Costs, General Data Protection Regulations Proceedings
Coverage, Payment Card Industry Demand Coverage, Breach Cost Coverage, Business Income Loss Coverage, Depend-
ent Business Income Loss Coverage, System Failure Business Income Loss Coverage, System Failure Dependent Busi-
Zurich ness Income Loss Coverage, Digital Asset Replacement Expense Coverage, Cyber Extortion Coverage, Reward Payment
Coverage, Reputational Damage Coverage, Social Engineering Funds Transfer Fraud Event Coverage, Social Engineer-
ing Theft of Funds Held In Trust Coverage, Social Engineering Theft of Personal Funds Coverage, Claim Avoidance
Coverage. Also available are numerous endorsements, pre-breach services and access to Cyber Risk Engineers.

Page 29
The Betterley Report

Market Focus – Healthcare Organizations –

Types and Size of Insureds
Focus
Type of Organization Not
Insurer Moder- Size of Insured
You Will Consider Primary Usually
ate
or None
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
AIG Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) All Types All
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Allianz (AGCS) Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) All Types All
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Allied World Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) - - - -
Hospitals and Health Systems Yes Primary & Excess up to $2 billion revenue
At-Bay Skilled Nursing Facilities Yes Primary & Excess up to $2 billion revenue

Page 30
The Betterley Report

Market Focus – Healthcare Organizations –

Types and Size of Insureds
Focus
Type of Organization Not
Insurer Moder- Size of Insured
You Will Consider Primary Usually
ate
or None
Physician Groups Yes Primary & Excess up to $2 billion revenue
Clinics Yes Primary & Excess up to $2 billion revenue
Ambulatory Surgical Centers Yes Primary & Excess up to $2 billion revenue
Behavioral Health Services Yes Primary & Excess up to $2 billion revenue
Rehab and Dependency Centers Yes Primary & Excess up to $2 billion revenue
Long-Term Care Yes Primary & Excess up to $2 billion revenue
Hospice and Home Health Services Yes Primary & Excess up to $2 billion revenue
Telemed Services Yes Primary & Excess up to $2 billion revenue
Labs (Medical & Dental) Yes Primary & Excess up to $2 billion revenue
Organ and Blood Collection Yes Primary & Excess up to $2 billion revenue
Pharmacies Yes Primary & Excess up to $2 billion revenue
Other (Please Specify) Yes Primary & Excess up to $2 billion revenue
Hospitals and Health Systems Yes Yes All
Skilled Nursing Facilities Yes Yes All
Physician Groups Yes Yes All
Clinics Yes Yes All
Ambulatory Surgical Centers Yes Yes All
Behavioral Health Services Yes Yes All
Rehab and Dependency Centers Yes Yes All
Beazley Long-Term Care Yes Yes All
Hospice and Home Health Services Yes Yes All
Telemed Services Yes Yes All
Labs (Medical & Dental) Yes Yes All
Organ and Blood Collection Yes Yes All
Pharmacies Yes Yes All
Other (Please Specify) - - - -
Primary up to $5 billion in revenues, Ex-
Hospitals and Health Systems Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Skilled Nursing Facilities Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Physician Groups Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Clinics Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Ambulatory Surgical Centers Yes
cess all sizes
Berkley Primary up to $5 billion in revenues, Ex-
Behavioral Health Services Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Rehab and Dependency Centers Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Long-Term Care Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Hospice and Home Health Services Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Telemed Services Yes
cess all sizes

Page 31
The Betterley Report

Market Focus – Healthcare Organizations –

Types and Size of Insureds
Focus
Type of Organization Not
Insurer Moder- Size of Insured
You Will Consider Primary Usually
ate
or None
Primary up to $5 billion in revenues, Ex-
Labs (Medical & Dental) Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Organ and Blood Collection Yes
cess all sizes
Primary up to $5 billion in revenues, Ex-
Pharmacies Yes
cess all sizes
Clinical Research Organizations
Other (Please Specify) Yes Primary up to $5 billion in revenues, Ex-
cess all sizes
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
CFC Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) - - - -
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Chubb Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) - - - -
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Cincinnati Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Long-Term Care Yes All

Page 32
The Betterley Report

Market Focus – Healthcare Organizations –

Types and Size of Insureds
Focus
Type of Organization Not
Insurer Moder- Size of Insured
You Will Consider Primary Usually
ate
or None
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) Yes All
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Coalition Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify)
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Corvus Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Long-Term Care Yes All
Hospitals and Health Systems Yes Middle Sized/Small
Skilled Nursing Facilities Yes Middle Sized/Small
Physician Groups Moderate Middle Sized/Small
Clinics Yes Middle Sized/Small
Ambulatory Surgical Centers Yes Middle Sized/Small
Behavioral Health Services Yes Middle Sized/Small
Rehab and Dependency Centers Yes Middle Sized/Small
Long-Term Care Yes Middle Sized/Small
Hiscox Hospice and Home Health Services Yes Middle Sized/Small
Telemed Services Yes Middle Sized/Small
Labs (Medical & Dental) Yes Middle Sized/Small
Organ and Blood Collection Yes Middle Sized/Small
Pharmacies Moderate Middle Sized/Small
Other (Please Specify) Middle Sized/Small
Organ and Blood Collection Yes Middle Sized/Small
Pharmacies Yes Middle Sized/Small

Page 33
The Betterley Report

Market Focus – Healthcare Organizations –

Types and Size of Insureds
Focus
Type of Organization Not
Insurer Moder- Size of Insured
You Will Consider Primary Usually
ate
or None
Other (Please Specify) - - - -
Ambulatory Surgical Centers Yes Middle Sized/Small
Behavioral Health Services Yes Middle Sized/Small
Rehab and Dependency Centers Yes Middle Sized/Small
Long-Term Care Yes Middle Sized/Small
Hospice and Home Health Services Yes Middle Sized/Small
Telemed Services Yes Middle Sized/Small
Labs (Medical & Dental) Yes Middle Sized/Small
Organ and Blood Collection Yes Middle Sized/Small
Pharmacies Yes Middle Sized/Small
Other (Please Specify) - - - -
Hospitals and Health Systems Yes All – Target $100 million+ in revenues
Skilled Nursing Facilities Yes All – Target $100 million+ in revenues
Physician Groups Yes All – Target $100 million+ in revenues
Clinics Yes All – Target $100 million+ in revenues
Ambulatory Surgical Centers Yes All – Target $100 million+ in revenues
Behavioral Health Services Yes All – Target $100 million+ in revenues
Liberty Mu- Rehab and Dependency Centers Yes All – Target $100 million+ in revenues
tual/Ironshore Long-Term Care Yes All – Target $100 million+ in revenues
Hospice and Home Health Services Yes All – Target $100 million+ in revenues
Telemed Services Yes All – Target $100 million+ in revenues
Labs (Medical & Dental) Yes All – Target $100 million+ in revenues
Organ and Blood Collection Yes All – Target $100 million+ in revenues
Pharmacies Yes All – Target $100 million+ in revenues
Other (Please Specify) Yes All – Target $100 million+ in revenues
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Mosaic Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) All
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Resilience Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All

Page 34
The Betterley Report

Market Focus – Healthcare Organizations –

Types and Size of Insureds
Focus
Type of Organization Not
Insurer Moder- Size of Insured
You Will Consider Primary Usually
ate
or None
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) - - - -
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Travelers Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) - - - -
Hospitals and Health Systems Yes All
Skilled Nursing Facilities Yes All
Physician Groups Yes All
Clinics Yes All
Ambulatory Surgical Centers Yes All
Behavioral Health Services Yes All
Rehab and Dependency Centers Yes All
Zurich Long-Term Care Yes All
Hospice and Home Health Services Yes All
Telemed Services Yes All
Labs (Medical & Dental) Yes All
Organ and Blood Collection Yes All
Pharmacies Yes All
Other (Please Specify) All

Page 35
The Betterley Report

Market Focus – Managed Care Organizations –

Types and Size of Insureds
Focus
Size of Insured
Type of Organization Not
Insurer (Large, Midsized, Small,
You Will Consider Primary Moderate Usually or All)
or None
Health Plans Yes All
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Orgs
Review Organizations (Credential-
Yes All
AIG ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information
Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify) All Types All
Health Plans Yes All
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Orgs
Review Organizations (Credential-
Yes All
Allianz (AGCS) ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information
Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify) All Types All
Health Plans Yes All
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Orgs
Review Organizations (Credential-
Yes All
Allied World ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information
Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify) - - - -
Health Plans Yes Primary & Excess up to $2B revenue
Vision and Dental Plans Yes Primary & Excess up to $2B revenue
Medicare/Medicaid Plans Yes Primary & Excess up to $2B revenue
At-Bay Case and Disease Management Primary & Excess up to $2B revenue
Yes
Orgs
Review Organizations (Credential- Primary & Excess up to $2B revenue
Yes
ing, Peer, Claims)

Page 36
The Betterley Report

Market Focus – Managed Care Organizations –

Types and Size of Insureds
Focus
Size of Insured
Type of Organization Not
Insurer (Large, Midsized, Small,
You Will Consider Primary Moderate Usually or All)
or None
Accountable Care Organizations Yes Primary & Excess up to $2B revenue
Health Insurance Exchanges Yes N/A
Community Health Information
Yes N/A
Networks
Third-Party Administrators Yes Primary & Excess up to $1 billion revenue
Other (Please Specify) Yes Primary & Excess up to $1 billion revenue
Health Plans No No Primary & Excess up to $2B revenue
Vision and Dental Plans No No Primary & Excess up to $2B revenue
Medicare/Medicaid Plans No No Primary & Excess up to $2B revenue
Case and Disease Management Primary & Excess up to $2B revenue
No No
Orgs
Review Organizations (Credential-
No No All
Beazley ing, Peer, Claims)
Accountable Care Organizations No No All
Health Insurance Exchanges No No All
Community Health Information
No No All
Networks
Third-Party Administrators No No All
Other (Please Specify) - - - -
Health Plans Primary up to $5 billion in revenues, Excess all
Yes sizes
Vision and Dental Plans Primary up to $5 billion in revenues, Excess all
Yes sizes
Medicare/Medicaid Plans Primary up to $5 billion in revenues, Excess all
Yes sizes
Case and Disease Management Primary up to $5 billion in revenues, Excess all
Yes sizes
Orgs
Review Organizations (Credential- Primary up to $5 billion in revenues, Excess all
Yes
Berkley ing, Peer, Claims) sizes
Accountable Care Organizations Primary up to $5 billion in revenues, Excess all
Yes sizes
Health Insurance Exchanges Primary up to $5 billion in revenues, Excess all
Yes sizes
Community Health Information Primary up to $5 billion in revenues, Excess all
Yes sizes
Networks
Third-Party Administrators Primary up to $5 billion in revenues, Excess all
Yes sizes
Other (Please Specify) - - - -
Health Plans Yes All
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Orgs
CFC Review Organizations (Credential-
Yes All
ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information
Yes All
Networks

Page 37
The Betterley Report

Market Focus – Managed Care Organizations –

Types and Size of Insureds
Focus
Size of Insured
Type of Organization Not
Insurer (Large, Midsized, Small,
You Will Consider Primary Moderate Usually or All)
or None
Third-Party Administrators Yes All
Other (Please Specify) - - - -
Health Plans Yes All
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Orgs
Review Organizations (Credential-
Yes All
Chubb ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information
Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify) - - - -
Health Plans Yes NA
Vision and Dental Plans Yes NA
Medicare/Medicaid Plans Yes NA
Case and Disease Management Yes NA
Orgs
Review Organizations (Credential- Yes NA
Cincinnati ing, Peer, Claims)
Accountable Care Organizations Yes NA
Health Insurance Exchanges Yes NA
Community Health Information Yes NA
Networks
Third-Party Administrators Yes NA
Other (Please Specify) Yes NA
Health Plans Yes All
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Orgs
Review Organizations (Credential-
Yes All
Coalition ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information
Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify)
Health Plans Yes All
Vision and Dental Plans Yes All
Corvus Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Orgs

Page 38
The Betterley Report

Market Focus – Managed Care Organizations –

Types and Size of Insureds
Focus
Size of Insured
Type of Organization Not
Insurer (Large, Midsized, Small,
You Will Consider Primary Moderate Usually or All)
or None
Review Organizations (Credential-
Yes All
ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information
Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify) - - - -
Health Plans Yes Middle Sized/Small
Vision and Dental Plans Yes Middle Sized/Small
Medicare/Medicaid Plans Yes Middle Sized/Small
Case and Disease Management
Yes Middle Sized/Small
Orgs
Review Organizations (Credential-
Yes Middle Sized/Small
ing, Peer, Claims)
Accountable Care Organizations Yes Middle Sized/Small
Health Insurance Exchanges Yes Middle Sized/Small
Community Health Information
Yes Middle Sized/Small
Networks
Third-Party Administrators Yes Middle Sized/Small
Hiscox Other (Please Specify) - - - -
Vision and Dental Plans Yes Middle Sized/Small
Medicare/Medicaid Plans No Middle Sized/Small
Case and Disease Management
Yes Middle Sized/Small
Orgs
Review Organizations (Credential-
Yes Middle Sized/Small
ing, Peer, Claims)
Accountable Care Organizations Yes Middle Sized/Small
Health Insurance Exchanges No
Community Health Information
No
Networks
Third-Party Administrators Yes Middle Sized/Small
Other (Please Specify) - - - -
Health Plans Yes Yes All – Target $100 million+ in revenues
Vision and Dental Plans Yes Yes All – Target $100 million+ in revenues
Medicare/Medicaid Plans Yes Yes All – Target $100 million+ in revenues
Case and Disease Management
Yes Yes All – Target $100 million+ in revenues
Orgs
Review Organizations (Credential-
Liberty Mu- ing, Peer, Claims)
Yes Yes All – Target $100 million+ in revenues
tual/Ironshore Accountable Care Organizations Yes Yes All – Target $100 million+ in revenues
Health Insurance Exchanges No No Yes
Community Health Information
No No Yes -
Networks
Third-Party Administrators Yes Yes All – Target $100 million+ in revenues
Other (Please Specify) - - - --
Health Plans Yes All

Page 39
The Betterley Report

Market Focus – Managed Care Organizations –

Types and Size of Insureds
Focus
Size of Insured
Type of Organization Not
Insurer (Large, Midsized, Small,
You Will Consider Primary Moderate Usually or All)
or None
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Orgs
Review Organizations (Credential-
Yes All
ing, Peer, Claims)
Mosaic Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information
Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify) - - - -
Health Plans Yes All
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management Yes All
Orgs
Review Organizations (Credential- Yes All
Resilience ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify) - - - All
Health Plans Yes All
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Orgs
Review Organizations (Credential-
Yes All
Travelers ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All
Community Health Information
Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify) - - - -
Health Plans Yes All
Vision and Dental Plans Yes All
Medicare/Medicaid Plans Yes All
Case and Disease Management
Yes All
Zurich Orgs
Review Organizations (Credential-
Yes All
ing, Peer, Claims)
Accountable Care Organizations Yes All
Health Insurance Exchanges Yes All

Page 40
The Betterley Report

Market Focus – Managed Care Organizations –

Types and Size of Insureds
Focus
Size of Insured
Type of Organization Not
Insurer (Large, Midsized, Small,
You Will Consider Primary Moderate Usually or All)
or None
Community Health Information
Yes All
Networks
Third-Party Administrators Yes All
Other (Please Specify) - - - -

Page 41
The Betterley Report

Capacity, Deductibles, Coinsurance,

and Agent Access
Is Product
Capacity Deductible or SIR
Insurer Available to Retail Broker or to
Available (Minimum & Maximum)
Wholesale Only?
Minimum retention: $1,000 (first re-
AIG $100 million
sponse coverage $0)
Available to all licensed brokers appointed with AIG

Allianz (AGCS) $10 million Varies Both

Allied World $10 million $1,000 minimum; no maximum Retail brokers and wholesalers

At-Bay $5 million $2,500 minimum Appointed wholesalers

Beazley $100 million $2,500 minimum; no maximum Available to all brokers licensed with Beazley

Berkley Cyber
$ 2,500 minimum; no maximum (pre- Available to licensed retail, wholesale, and specialty brokers
Risk $25 million
ferred breach counsel $0) appointed with Berkley Cyber Risks Solutions
Solutions
CFC $25 million Minimum deductible: $1,000 All CFC-appointed agents
$25 million;
Chubb $50 million for cyber fa- None Available to all Chubb-appointed retail brokers and wholesalers
cility
Cincinnati $10 million $2,500 minimum; no maximum All Cincinnati-appointed agents

Coalition $15 million Minimum retention: $500 Both

Corvus $5 million Minimum: $5,000 Both

Minimum retention:
Hiscox $5 million
$1,000
Both

All:
Liberty Mu- $10 million (primary or
Minimum SIR: $10,000 Liberty Mutual - retail
tual/Ironshore excess)
Ironshore - wholesale
Mosaic $15 million Minimum SIR: $5,000 Appointed retail brokers and select wholesale brokers

Resilience $10 million Varies Both

$10 million primary, $10 Minimum Deductible:
Travelers million excess $5,000
Retail or wholesale

Zurich $25 million Minimum SIR: $5,000 Appointed retail or wholesale brokers

Page 42
The Betterley Report

Data Privacy:
Types of Coverage and Limits Available
Fines and/or
Insurer Liability Remediation
Penalties
AIG Up to policy limit Up to policy limit Yes, where insurable by law
Policy limit (where permissible
Allianz (AGCS) Full policy limits available Policy limit
by law)
Full policy limits available ($10 mil-
Allied World lion)
Full limits available Full limits available

Full policy limits where insurable

At-Bay Full policy limits available Full policy limits available
by law
For the Beazley Breach Response
policy: outside-of-limits coverage up
to (i) $2.5 million and (ii) $5 million
notified individuals. In addition, full
Yes, where allowable by law up
Beazley Yes, up to $100 million policy limits are then available for re-
to full policy limits
mediation costs that exceed the above
amounts. For the Information Secu-
rity Form, full policy limits are avail-
able
Yes, limits up to the policy aggregate
Berkley Cyber Risk Yes, limits up to the policy aggregate available. Option to have notification
Yes, where insurable by law
Solutions available and monitoring expenses outside the
policy aggregate available
All risks privacy liability cover availa-
ble up to full policy limits and on a First party breach notification cover
worldwide jurisdictional basis as stand- including: legal costs associated with Full policy limits available for
ard. Includes both online and offline handling the breach, administrative regulatory fines and penalties
privacy breaches. Full vicarious liabil- costs associated with issuing notifica- where insurable by law. Full pol-
ity cover for breaches by third parties tion correspondence, credit monitor- icy limits also available for con-
CFC such as hosting providers, sub-contrac- ing services, crisis PR fund, and costs tractual breaches and associated
tors, and outsourcing providers. Also, associated with any mandated foren- damages (including a breach of a
full limits available for “cyber liability” sic investigations to find the source of warranty within a merchant agree-
and multimedia liability, including lia- any breach. Full policy limits availa- ment relating to PCI compliance).
bility for spreading a virus, hacking, IP ble.
infringement and defamation,

Chubb Yes, typically to full policy limit Yes, typically up to full policy limit Yes, typically to full liability limit
via Cyber Incident Response Fund where insurable
$10,000,000 response expense to in-
clude forensic IT review, reputational
$10 million data compromise liability,
harm, legal review, notification to af- Included in liability limit up to
Cincinnati network security liability and media lia-
fected individuals, service to affected $10 million
bility
individuals, PR services and reward
payments
Yes, full limits available including
breach response coverage outside
Yes, full limits available for all liability limits and matching policy limit up to
Coalition coverages $5 million; GDPR and CCPA compli-
Yes, full limits available
ance coverage enhancement also
available
Corvus Full limits up to $5 million Full limits up to $5 million Full limits up to $5 million

Page 43
The Betterley Report

Data Privacy:
Types of Coverage and Limits Available
Fines and/or
Insurer Liability Remediation
Penalties
Yes, limits up to $5 million available
Yes, full limits available for civil
Yes, full limits to $5 million available for the first party costs incurred in re-
penalties (where insurable by law)
for the defense and resolution of third- sponse to a data breach.
arising out of the regulatory ac-
party liability claims, including for le- This includes costs incurred for com-
Hiscox gal violation, negligence, contractual puter forensics, legal services, provid-
tion including “consumer privacy
violations” not tied to a data
breach, PCI fines/penalties and assess- ing notification, call center services,
breach, security failure, or extor-
ments, and regulatory action claims credit monitoring/ID protection ser-
tion threat
vices, and crisis management and PR.
Full limits available (where insur-
Liberty Mutual/Ironshore Full limits available Full limits available
able by law)
Full limits available up to $15
Mosaic Full limits available up to $15 million Various limit structures available
million
Yes, up to the policy aggregate limit
Yes, up to the policy aggregate
Yes, up to the policy aggregate limit of of liability. Remediation is a covered
Resilience liability component of our overarching Re-
limit of liability (where allowable
by law).
sponse Costs coverage.
Yes, form provides coverage for the
Yes, first-party remediation costs
failure to prevent unauthorized access Payment card contract penalties
coverages are available for notifica-
Travelers to confidential information and liability
tion expenses and public relations ex-
and regulatory costs are part of
associated with the failure to notify in- loss.
penses.
dividuals of a breach.
Full limits available up to
Zurich Full limits available up to $25 million Full limits available up to $25 million
$25 million

Page 44
The Betterley Report

Data Privacy:
Regulatory and Statutory Coverage Provided
Regulatory Fines, HIPAA,
Violation of Violation of Penalties, and HITECH, and
Insurer
Regulatory Acts Privacy Laws Consumer Redress Related
Funds Actions
AIG Yes Yes Yes Yes

Allianz (AGCS) Yes Yes Yes Yes

Allied World Yes Yes Yes, full limits Yes

Yes, up to full policy Yes, up to full policy

At-Bay Yes, up to full policy limits Yes, up to full policy limits
limits limits

Beazley Yes Yes Yes Yes

Yes, limits up to the policy aggregate
available. Coverage for prebreach vio-
Berkley Cyber Risk lations of privacy regulation available Yes
Yes, limits up to full regulatory
Yes
Solutions insuring agreement
by endorsement subject to underwrit-
ing
Full policy limits
available for breaches
Full policy limits available for privacy Full policy limits available for
of privacy related Yes, up to full policy
related regulatory investigations/ac- regulatory fines and penalties
laws where insurable limits. Cover also ex-
CFC tions where insurable under the appli-
under the applicable
as well as consumer redress
tends to corrective ac-
cable law. Policy is constructed on an funds where applicable law al-
law. Policy is con- tion plan costs.
“all risks” basis lows this
structed on an “all
risks” basis
Chubb Yes Yes Yes Yes

Cincinnati Yes Yes Yes Yes

Coalition Yes Yes Yes Yes

Yes, consumer redress may be
Corvus Yes Yes
available via endorsement
Yes

Hiscox Yes Yes Yes Yes

Liberty Mutual/ Yes Yes Yes Yes

Ironshore
Mosaic No response No response No response No response

Resilience Yes Yes Yes Yes

Yes, coverage for regulatory
costs under Regulatory Pro-
Yes, loss resulting ceedings Insuring Agreement
Yes, defense and regulatory costs re-
from claims made includes civil money fines,
sulting from regulatory proceedings re-
Travelers sulting from privacy and security acts
for privacy and se- civil penalties, or amounts de- Yes
curity and media posited in a consumer redress
or media acts.
acts. fund if imposed under a regu-
latory proceeding and insura-
ble under most favorable law.
Zurich Yes Yes Yes Yes

Page 45
The Betterley Report

Data Privacy:
Payment Card Industry Coverage Provided
PCI Fines and PCI Assessments
Insurer
Penalties Fraud Charges Card Reissuance Costs
AIG Yes Yes Yes

Allianz (AGCS) Yes Yes Yes

Yes, up to full policy
Allied World limits
Yes Yes

Yes, up to full policy

At-Bay limits
Yes, up to full policy limits Yes, up to full policy limits

Yes, via endorsement for financial

institutions that issue credit/debit
Beazley Yes Yes
cards covers costs to reissue cards
that are compromised
Yes,
Yes, up to the full limit of the PCI in- Yes, up to the full limit of the PCI
Berkley Cyber Risk Solutions limits up to the policy
suring agreement insuring agreement
aggregate available
Full policy limit availa-
ble for any breach of
CFC PCI DSS including
Yes Yes
chargebacks
Chubb Yes Yes Yes

Cincinnati Yes Yes Yes

Coalition Yes, full limits Yes, full limits Yes, full limits

Corvus Yes, up to policy limit Yes Yes

Covered to full policy limit through
contractual coverage pertaining to
Hiscox Yes, full limits
merchant services, payment pro-
Yes, via endorsement
cessing, or other similar agreements
Liberty Mutual/Ironshore Yes Yes Yes
When required as the result of a se-
curity event, and only when such
Mosaic Yes Potentially
costs are payable due to a merchant
services agreement
Resilience Yes Yes Available by endorsement
Potentially, as damages asserted in
third-party liability claims or as pro-
Travelers Yes Yes
vided under a merchant services
agreement
Potentially, as damages asserted in Potentially, as damages asserted in
Zurich Yes
third-party liability claims third-party liability claims

Page 46
The Betterley Report

Data Privacy:
Coverage Triggers
Loss Resulting
Failure Acts by from Theft or
to Persons Disappearance of
Insurer Loss Caused by Employee
Secure Other Than Private
Data Insureds Property (i.e.,
Laptop or Media)
AIG Yes Yes Yes Yes

Allianz (AGCS) Yes Yes Yes Yes

Allied World Yes Yes Yes Yes

At-Bay Yes Yes Yes Yes

Beazley Yes Yes Yes Yes

Berkley Cyber Risk Yes Yes Yes Yes

Solutions
CFC Yes Yes Yes Yes

Chubb Yes Yes Yes Yes

Cincinnati Yes Yes Yes Yes

Coalition Yes Yes Yes Yes

Corvus Yes Yes Yes Yes

Hiscox Yes Yes Yes Yes

Liberty Mutual/Ironshore Yes Yes Yes Yes

Mosaic Yes Yes Yes Yes

Resilience Yes Yes Yes Yes

Travelers Yes Yes Yes Yes

Zurich Yes Yes Yes Yes

Page 47
The Betterley Report

Data Privacy:
Types of Data Covered
Nonpublic
Individual’s
Data Nonelectronic
Insurer Unspecified Personally Identifi-
(i.e., Corpo- Data
able Information
rate Data)
Broad definition of confi-
dential information in-
AIG cludes both personal and
Yes Yes Yes
nonpublic corporate data
Yes, personal and confi-
Allianz (AGCS) dential information
Yes Yes Yes

Allied World Yes Yes Yes Yes

Yes, broad definition of
PPI; corporate information Yes, via network secu-
At-Bay considered under network
Yes
rity coverage
Yes
security coverage
Beazley Yes Yes Yes Yes

Berkley Yes Yes Yes Yes

CFC Yes Yes Yes Yes

Chubb Yes Yes Yes Yes

Yes, includes PII, person-
ally sensitive information,
Cincinnati and third-party corporate
Yes Yes Yes
data
PII and third-party corpo-
Coalition rate information
Yes Yes Yes

Corvus Yes Yes Yes Yes

Hiscox Yes, PII (including protected health information) and confidential corporate information in any form
Broad definition of PII that
includes reference to data
protection laws to be flexi-
Liberty Mutual/Ironshore ble and inclusive as new
Yes Yes Yes
data protection laws de-
velop and amend over time
Mosaic Yes Yes Yes Yes

Resilience Yes Yes Yes Yes

Confidential information
means a third party’s or in-
sured person’s private or
confidential information in
Travelers the care, custody, or con- Yes Yes Yes
trol of the insured entity or
a service provider acting
on behalf of the insured
entity
Zurich Yes Yes Yes Yes

Page 48
The Betterley Report

Data Privacy:
Remediation Costs Covered
Crisis
Manage-
ment Credit
Insurer Notification Credit Repair Resecure Data
Including Monitoring
Breach
Coach
Covers costs to restore,
AIG Yes Yes Yes Yes recreate, or recollect
electronic data
Allianz (AGCS) Yes Yes Yes Yes Yes

Allied World Yes Yes Yes Yes Yes

Yes, including volun-
At-Bay Yes
tary notification
Yes Yes Yes

Coverage for forensics to

determine the existence,
cause and extent of any
actual or suspected
breach incident – foren-
Beazley Yes Yes Yes Yes
sics coverage also availa-
ble for support of PCI in-
vestigation. Data protec-
tion loss coverage availa-
ble by endorsement.
Yes, definition includes
Yes, option for noti- Yes, definition includes
Yes, option for notifi- costs and expenses to un-
Berkley Cyber Risk Yes cation outside the pol-
fication outside the healthcare restoration
encrypt, recover, restore,
Solutions policy aggregate and identity theft insur-
icy aggregate limit recreate, or recollect a
limit ance
data asset
CFC Yes Yes Yes Yes Yes
Digital data recovery in-
Chubb Yes Yes Yes Yes suring agreement for
data loss
Cincinnati Yes Yes Yes Yes Yes

Coalition Yes Yes Yes Yes, by endorsement Yes

Corvus Yes Yes Yes Yes Yes

Costs to regain access to
a data asset or replace,
Hiscox Yes, full limit Yes, full limit Yes, full limit Yes, full limit restore, or repair a data
asset from backups, orig-
inals, or other sources
Yes (SIR does not
Reasonable and neces-
apply to privacy
Liberty Mutual/ breach coach when
Yes, including volun-
Yes Yes
sary expenses to replace,
Ironshore tary notification recollect or restore dam-
using insurer panel
aged or lost digital assets
vendor)
Mosaic Yes Yes Yes Yes Yes
Following a security fail-
ure or system failure, the
Resilience Cyber policy
Resilience Yes Yes Yes Yes will cover costs for an
insured to regain access
to or restore compro-
mised data

Page 49
The Betterley Report

Data Privacy:
Remediation Costs Covered
Crisis
Manage-
ment Credit
Insurer Notification Credit Repair Resecure Data
Including Monitoring
Breach
Coach
Costs covered can in-
Yes, available as Yes, available as cov- Yes, available as Yes, available as cover-
Travelers coverage option erage option coverage option
clude purchase of iden-
age option
tity fraud insurance
Reasonable and neces-
sary expenses to replace,
Zurich Yes Yes Yes Yes
restore, reconstitute, or
recollect digital assets

Page 50
The Betterley Report

Data Privacy:
Remediation Coverage Services
Is Insured
Is Written
Required To Use
Insurer Consent of Time Limit of Benefit
Designated Service
Insurer Required?
Provider(s)?
Costs must be incurred within 1 year following dis-
AIG No Yes
covery; benefit may be longer
Allianz No
Yes, which will not be unreasonably
None
(AGCS) withheld

Allied No, must use an approved provider but can re- Only for those vendors that are not
None
World quest vendors to be preapproved. preapproved

At-Bay No, but subject to preapproval Yes None

Beazley offers a tailored approach to meet in-
sureds’ needs. Insureds under Beazley’s BBR
form may work with Beazley’s dedicated Breach
Response Services team to access a large number Typically, 1 year following reporting of the incident
Beazley of expert service providers to help respond to an
Yes
or suspected incident to the underwriters
actual or suspected breach incident. Beazley’s
other cyber products afford the insured broad lat-
itude in selecting qualified service providers.
Berkley
No, but insurer consent required if deviating No, verbal consent required and
Cyber from Insurer’s preferred providers or policy can only for vendors that are not already None
Risk be endorsed with policyholder preferred vendors preapproved
Solutions
CFC No Not in the first 72 hours None
No, but enhanced limit for Chubb’s Cyber Inci-
Chubb dent Response team
For specified coverages, yes None

Up to 1 year from the date of the notification

No, there is a preferred provider, but the insured
Cincinnati may choose their own vendor
Yes to the affected individuals or the period required by
law, whichever is longer
Yes, but no consent required for fo- 1 year from discovery of breach (or longer if re-
Coalition No
rensics and legal services from panel quired by law)
No, Corvus has discounted rates with several
breach response providers; insured has the ability 24 months is standard. Additional time limit may be
Corvus to choose their own vendor, subject to Corvus
Yes
available via endorsement.
approval
No, except for identity protection services provided
Hiscox Yes, from panel Yes to affected individuals for 12 months or more as re-
quired by law
Liberty
Mu- No, subject to prior written consent Yes None
tual/Iron-
shore
No, but insurer consent required if deviating
Yes, which will not be unreasonably
Mosaic from insurer’s preferred providers or policy can
withheld
None
be endorsed with policyholder preferred vendors
Resilience service providers preferred - other
Resilience providers allowed with prior consent.
Yes None

Page 51
The Betterley Report

Data Privacy:
Remediation Coverage Services
Is Insured
Is Written
Required To Use
Insurer Consent of Time Limit of Benefit
Designated Service
Insurer Required?
Provider(s)?
No, except for credit monitoring services, there is
For specified services and costs. no time limit for the reimbursement of covered se-
Once initial provider is designated curity breach notification expenses under the com-
an approved provider for computer puter and legal experts or privacy breach notifica-
and legal expert costs, privacy tion insuring agreements. The cost of providing
Travelers No
breach notification costs, and public credit monitoring services is reimbursed for 2 years
relations costs—individual services or longer where required by law starting with the
covered under such extensions do date the insured first notified the person whose iden-
not need to be approved. tity information was accessed or acquired without
their authorization.
Within 24 months of the insured first having re-
Zurich No No
ceived notice of a security event or privacy event

Page 52
The Betterley Report

Coverage Extensions and (Sub)Limits Available for

Allianz (AGCS) Yes No No Yes

Social media activities
Allied World Yes are not excluded in the No Yes
policy form
At-Bay Yes No No Yes
Yes
Beazley No No Yes

Yes, through the Media

Yes, infringement of collective
Liability Insuring Agree- Includes content dis-
mark, copyright, service mark, or
ment. Media event lim- played on website and
Berkley Cyber Risk ited to online display of external social media site No
other trademarked name, slogan,
Solutions symbol, or title or infringement of
content unless specifi- which the insured has in-
the name of a product, service, or
cally endorsed to include dependent ability to edit
organization
offline content.
CFC Yes No No Yes
Yes, either by endorse-
Chubb ment or within base form
No No Yes

Cincinnati Yes No No Yes

Infringement of copyright, domain
name, trademark, trade name,
Coalition Yes No No trade dress, logo, title, metatag,
slogan, service mark, or service
name
Yes, infringement of copyright,
trademark, trade name, trade
Corvus Yes No No
dress, title, slogan, service mark,
or service names.

Yes, standard media lia-

bility coverage for your No, covers more than just
Hiscox advertising of your pro- social media. Social me- No Yes
fessional services dia is covered in addition
to other activities.
Liberty Mutual/Iron- Yes No No Yes
shore
Internet media built into
Mosaic base form with full media No No Yes
via endorsement
Resilience Yes No No Yes

Page 53
The Betterley Report

Coverage Extensions and (Sub)Limits Available for

Cyber Insureds – Media Liability
All Media Only Social Media Intellectual Property Liabilities Can Be Covered?
Insurer Activities Can Be Activities Can Be Other Than Patent
Covered? Covered? Patent Infringement
Infringement
In covered material: Unauthorized
use of copyright, title, slogan,
trademark, trade dress, service
mark, domain name, logo, or ser-
vice name. Unauthorized use of a
literary or artistic format, charac-
Covered material inter, or performance. Violation of
cludes content created or an individual’s right of privacy or
Travelers disseminated via any No No publicity. Defamation, libel, slan-
form of expression. der, trade libel, or other tort re-
lated to disparagement or harm to
the reputation or character of any
person or entity. Misappropriation
of ideas under an implied contract.
Improper deep-linking or framing.
Unfair competition if alleged in
connection with any of the above.
Zurich Yes No No Yes

Page 54
The Betterley Report

Security Assessment Requirements (By a Third Party)

Insurers First-Party Coverage Third-Party Coverage
AIG Information security assessments may be required depending on hazard class and insured’s limits.
Not required as a prerequisite for terms. On larger accounts or complex accounts, we would like to see some evi-
Allianz (AGCS) dence of external firms auditing controls in line with market standards.
Allied World Not required Not required
Not required. At-Bay provides a sophisticated security scan during underwriting as well as access to At-Bay Stance
At-Bay for all insureds during the policy period with security services that help protect insured businesses.
For most applicants, application materials are required. Completion and underwriting review of an application.
Beazley A third-party assessment may be required for some ac- Other information may be required depending upon
counts. the risk
Not required but voluntarily accepted for assistance in Not required but voluntarily accepted for assistance in
Berkley Cyber Risk Solutions underwriting underwriting
CFC No security assessment required
Generally, not required. We also offer additional loss control services, which may include an external assessment
Chubb and a Chubb contribution to the cost of the assessment. For a more thorough overview of chubb’s loss mitigation
services, visit here: www.chubb.com/us-en/business-insurance/products/cyber-insurance/us-cyber-services.html
Cincinnati Not required
Not required. Coalition provides a cyber-risk assessment for all clients as part of the quote process and are continu-
Coalition ally monitored. Recommendations are periodically provided to policyholders and brokers.
No invasive third-party assessment is required. Corvus
No invasive third-party assessment is required. Corvus
runs their proprietary noninvasive IT security assess-
Corvus runs their proprietary noninvasive IT security assessment
ment on prospective insureds at the time of underwrit-
on prospective insureds at the time of underwriting.
ing.
No invasive third-party assessment is required. Hiscox may run a noninvasive IT security assessment on prospec-
Hiscox tive insureds.
Underwriter discretion—risk dependent. Liberty Mutual/Ironshore will run a noninvasive third-party assessment of
Liberty Mutual/Ironshore each prospective insured prior to quoting.
Not required but Mosaic X SAFEinside available to all primary insureds as an added benefit and allows for unlock-
Mosaic ing of additional policy features and discounts
Application materials are required. Resilience also conducts a noninvasive/external security assessment of each
Resilience prospective insured at the quote stage of the underwriting process and will provide said insured with pertinent secu-
rity recommendations throughout the duration of the policy period.
Security assessments may be required depending on in- Security assessments may be required depending on
Travelers sured’s industry or limits. insured’s industry or limits.
Zurich Underwriter discretion Underwriter discretion

Page 55
The Betterley Report

First-Party Coverage:
Direct Damage and Business Interruption
Direct Business
Destruction of Virus Denial of
Insurer Damage to Interrup-
Data Extraction Services
Equipment tion
Yes (through
AIG CyberEdge PC or Yes Yes Yes Yes
Cyber Property)
Allianz (AGCS) Yes Yes Yes Yes Yes
Yes, bricking
Allied World coverage availa- Yes Yes Yes Yes
ble
Yes, bricking
coverage availa-
At-Bay ble via endorse-
Yes Yes Yes Yes
ment
Yes, computer
hardware re-
placement costs
Beazley coverage availa-
Yes Yes Yes Yes
ble via endorse-
ment
Yes, supple-
mental coverage
includes reim-
bursement of
Available by en- costs and ex-
Berkley Cyber Risk dorsement sub-
Yes
penses to iden-
Yes Yes
Solutions ject to underwrit- tify or remove
ing software pro-
gram errors,
malware, com-
puter viruses or
vulnerabilities
No, but policy al-
lows for replace-
CFC ment of hardware Yes Yes Yes Yes
where it makes
economic sense
Yes, digital as-
Chubb No Yes, digital data loss
set loss
Yes Yes

Cincinnati No Yes Yes Yes Yes

Yes, available by Yes, including de-
endorsement pendent business Yes, including as low as
Coalition (BI/PD first-
Yes Yes
interruption at full 1-hour waiting period
party) limits
Yes, available
Corvus via endorsement
Yes Yes Yes Yes

Yes, via bricking

Hiscox sublmit
Yes Yes Yes Yes

Yes, bricking
coverage pro-
Liberty Mutual/Iron- vided at full limit Yes Yes Yes Yes
shore in base policy
form
Mosaic Yes Yes Yes Yes Yes

Resilience Yes Yes Yes Yes Yes

Page 56
The Betterley Report

First-Party Coverage:
Direct Damage and Business Interruption
Direct Business
Destruction of Virus Denial of
Insurer Damage to Interrup-
Data Extraction Services
Equipment tion
Yes, business in-
terruption availa-
ble for income loss
Yes, business interrup-
Yes, restoration expenses and extra expense
tion available for in-
under Data Restoration In- directly caused by
Travelers No
suring Agreement available
Yes
a security breach,
come loss and extra ex-
pense directly caused by
as a coverage option system failure, or
a security breach
voluntary shut-
down to minimize
business loss
Yes, reasonable
and necessary
expenses to
Zurich By endorsement Yes minimize or re- Yes Yes
duce an inter-
ruption of ser-
vice

Page 57
The Betterley Report

Coverage for Loss Resulting from State-Sponsored

or Terrorist Act
Insurer State-Sponsored Act Terrorist Act
AIG Standard war exclusion; explicit cyberterrorism coverage available by endorsement

Allianz (AGCS) Standard war exclusion with a cyber-terrorism carveback

Standard war exclusion, with a cyber-terrorism
Allied World Standard war exclusion, with a cyber-terrorism carveback
carveback
Standard war exclusion, with a cyber-terrorism
At-Bay Standard war exclusion, with a cyber-terrorism carveback
carveback
New War and Cyber War Exclusion effective 01-Jan-2023:
1. EXCLUSIONS is amended to include:
War and Cyber War
The coverage under this Policy will not apply to any Loss arising:
1. directly or indirectly out of War; or
2. from a Cyber War.
This exclusion applies notwithstanding anything to the contrary in this Policy or any appendix or endorsement
added to this Policy.
2. For the purposes of this endorsement only:
Cyber War means any harmful act, conducted using a Computer System (or series of related, repeated or con-
tinuing harmful acts conducted using one or more Computer System), directed against one or more Computer
System that is committed by, or at the direction or under the control of, a sovereign state, and which:
1. is conducted as part of a War; or
Beazley 2. causes a major detrimental impact on:
(i) the functioning of another sovereign state due to disruption to the availability, delivery
or integrity of any Essential Service in that other sovereign state; and/or
(ii) the security or defense of another sovereign state,
provided however that Cyber War shall not mean the direct or indirect effect of such harmful act(s) which causes
a major detrimental impact on a sovereign state as described in parts 2.(i). and/or 2.(ii) above, on a Computer
System operated by and either owned by or leased to the Insured Organization or operated by a Dependent
Business, that is not physically located in a sovereign state which has suffered such major detrimental impact de-
scribed in parts 2.(i). and/or 2.(ii) above.
Computer System means computers, any software residing on such computers, and any associated devices or
equipment.
War means the use of physical force by a sovereign state against another sovereign state (whether war be de-
clared or not) or as part of a civil war, rebellion, revolution, insurrection and/or military or usurped power.
Berkley Cyber Risk Terrorism coverage included Terrorism coverage included
Solutions
CFC Yes, but acts of war are excluded Yes
New war exclusion introduced via endorsement in most states (2021 and 2022 filing). Terrorism not excluded.
Chubb Available explicitly for certified acts via TRIA.
Not excluded; affirmative carveback for cyber terrorism. Not excluded; affirmative carveback for cyber ter-
Cincinnati TRIA is provided rorism. TRIA is provided
Coalition War exclusion with cyber terrorism carveback

Corvus TRIA is provided TRIA is provided

War exclusion: will have no obligation to pay any sums under this policy arising out of or in consequence of war,
invasion, acts of foreign enemies, hostilities (whether war has been declared or not), civil war, rebellion, revolu-
Hiscox tion, insurrection, military, or usurped power; confiscation, nationalization, requisition, destruction of, or damage
to property by or under the order of any government, public or local authority; cyberwarfare; any nuclear, chemi-
cal, biological, or radiological agents or materials malicious act—TRIA option available as well
Liberty Mutual/Iron- Standard war exclusion, with a cyber-terrorism carveback
Standard war exclusion, with a cyber-terrorism
shore carveback

Mosaic In compliance with Lloyd's mandate as of April 1, 2023

Resilience War exclusion, with a cyber-terrorism carveback Cyber-terrorism carveback/TRIA included

Page 58
The Betterley Report

Coverage for Loss Resulting from State-Sponsored

or Terrorist Act
Insurer State-Sponsored Act Terrorist Act
The insurer will not pay loss arising out of: a. war,
The insurer will not pay loss arising out of: a. war, includ-
including undeclared or civil war; b. warlike ac-
ing undeclared or civil war; b. warlike action, including ac-
tion, including action in hindering or defending
tion in hindering or defending against an actual or expected
against an actual or expected attack, by any gov-
attack, by any government, military force, sovereign, or
ernment, military force, sovereign, or other author-
other authority using military personnel or other agents; or
ity using military personnel or other agents; or c.
c. insurrection, rebellion, revolution, usurped power, or ac-
Travelers tion taken by governmental authority in hindering or de-
insurrection, rebellion, revolution, usurped power,
or action taken by governmental authority in hin-
fending against any of these. This does not apply to an ac-
dering or defending against any of these. This does
tual or threatened attack against a computer system with
not apply to an actual or threatened attack against a
intent to cause harm, or further social, ideological, politi-
computer system with intent to cause harm, or fur-
cal, or similar objectives, except when in support of a
ther social, ideological, political, or similar objec-
through c.
tives, except when in support of a through c.
Zurich No response No response

Page 59
The Betterley Report

Theft (First-Party) Coverage

Theft of the Theft of
Economic Finished
Insurer Theft Value of In- Goods or Ex-
of tellectual Theft of Money or Work in tor- Theft of Compu-
Data Property Securities Process tion ting Resources
Yes, available
Yes, available through cyber- through cyber- Yes, via network interruption
AIG Yes No
crime coverage endorsement crime coverage en-
Yes
coverage
dorsement
Allianz (AGCS) Yes No Yes No Yes Yes
Yes, via network interruption
Allied World Yes No Yes, via cyber crime No Yes
coverage
At-Bay Yes No Yes Yes Yes Yes
Yes, within eCrime insuring
Beazley Yes No
agreement
No Yes Yes

Yes, cover for denial of ser-

Yes, thru the cyber crime
Berkley Cyber Yes No and/or social engineering in- No Yes
vice attacks.
Telecommunication Fraud is
Risk Solutions suring agreement. available by endorsement.
Cryptojacking coverage is
available by endorsement.
Yes, cover for denial of ser-
Yes, full computer crime
CFC Yes No
cover included as standard
No Yes vice attacks and also tele-
phone hacking
Digital
Yes, via endorsement and
Chubb data re- No Yes, via endorsement No Yes
digital data recovery
covery
Computer attack coverage in-
Coverage available under Coverage available cludes unauthorized access
Cincinnati Yes No
crime under crime
Yes
incidents and telecommuni-
cations fraud.
Yes, included in funds trans- Yes, by endorse- Yes, available with service
Coalition Yes No
fer fraud ment
Yes
fraud
Yes – tangible
Corvus Yes No Yes property which as Yes Yes
intrinsic value
Yes; via cyber crime—fraud-
ulent transfer of funds due to
hacker issued fraudulent in-
struction to financial institu-
tion
Social engineering— volun-
tary parting of title due to so- No, carveback to
Yes – Third Party
Hiscox Yes
IP
cial engineering or other con- include available Yes Yes, via utility fraud
fidence tricks via endorsement
Reverse social engineering—
fraudulent transfer of funds
owed to the insured through
the intentional use of the in-
sureds computer system to
mislead client/vendor
Yes, due to fund transfer Yes, within securi- Yes, in telecommunications
Liberty Mu- Yes No fraud, social engineering, and ties representing Yes fraud and cryptojacking cov-
tual/Ironshore invoice manipulation property erage enhancements

Page 60
The Betterley Report

Theft (First-Party) Coverage

Theft of the Theft of
Economic Finished
Insurer Theft Value of In- Goods or Ex-
of tellectual Theft of Money or Work in tor- Theft of Compu-
Data Property Securities Process tion ting Resources
Due to social engineering
funds transfer fraud or in-
Mosaic Yes No
voice manipulation by en-
No Yes Yes
dorsement
Yes, social engineering, in-
voice manipulation, and
Resilience Yes No
transfer fraud for direct fi-
No Yes Yes
nancial loss sustained.
No, coverage for unauthor-
Theft of Yes, coverage Yes,
Theft of intellec- Yes, coverage available for ized access to the insured’s
data as a available for theft available
tual property as theft of money and securities telephone systems resulting
Travelers first party
first party loss is due to computer fraud and
of other tangible as a cov-
in charges by the telephone
loss is not property caused by erage op-
not covered funds transfer fraud service provider (telecom)
covered computer fraud tion
available
Yes, may trigger first-party
Yes, due to social engineer-
coverage. Coverage for cryp-
ing funds transfer, or invoice
Zurich Yes No
manipulation by endorse-
No Yes tojacking and telecom fraud
are also available by endorse-
ment
ment.

Page 61
The Betterley Report

Theft (First-Party) Coverage – Deceptive Funds Transfer

Typically
Allied World $500,000
$100,000
No restrictions Yes No No

Typically sub- Any electronic com-

At-Bay Varies by risk
limited munication
Yes Yes No

All forms including

written, electronic
Beazley Varies by risk Varies by risk (including email or Yes No No
web based), or tele-
phone
Cyber crime
Available and social en-
through either gineering are
the cyber crime provided by Invoice fraud endorse-
or social engi- separate insur- ment provides reimburse-
Fraudulent instruc-
Berkley Cyber Risk neering insuring agree-
tion transmitted via Yes
ment for customer pay-
No
Solutions ing agreement. ments with
email or telephone
ments misdirected due to
Limits up to separate limits fraudulent communica-
the policy ag- and retentions, tion
gregate availa- subject to the
ble. policy aggre-
gate
Typically
CFC $1 million
$250,000
All Yes Yes Yes

Refer to cyber,
Refer to cyber, privacy, privacy, and net-
Subject to un- Subject to un- and network security lia- work security lia-
Chubb derwriting derwriting
Yes Yes
bility, exclusions apply bility, exclusions,
and crime endorsements. and crime en-
dorsements.
Cincinnati Coverage available under crime No No
Yes, if fraudulent com-
By default, but munication was result of Yes, phishing/im-
Any electronic com-
Coalition $5 million maximum
munication
Yes insured security failure or personation cover-
limit available with phishing/impersona- age
tion endorsement

Page 62
The Betterley Report

Theft (First-Party) Coverage – Deceptive Funds Transfer

or Social Engineering
Cost To
Cost To
Nature of Reimburse
Electronic Reimburse
Electronic Customer’s
Funds Customer’s
Missive Funds for
Transfer Funds for Their
Covered Their Loss
Maximum Sublimit, Fraud of Loss Arising
Insurer (i.e., Email, Arising Out
Limit if any? the Out of Fraudu-
Text, Instant of Fraudu-
Insured’s lent Communi-
Messaging, lent Web-
Funds cation Purport-
Phone, sites Pur-
Covered? ing To Be from
etc.)? porting To
You
Be Yours
Telecommunications
fraud, phishing at-
$250,000
Corvus $1 million
standard
tack, financial fraud, Yes Yes Yes
and invoice manipu-
lation
Any written or elec-
tronic communica-
Hiscox $250,000 $100,000
tion or telephonic
Yes Yes No
instruction
Fund transfer fraud:
Yes, fraudulent invoice
written, electronic,
or payment instruction
telegraphic, cable
originating from the in-
teletype, or tele-
Liberty Mutual/Iron- Risk Depend- Up to
phone instruction Yes
sured’s network that is
No
shore ent $250,000 sent to a customer or cli-
Social engineering:
ent of the insured and is
written, electronic,
the result of a malicious
email / web based,
attack
telephone.
Mosaic $500,000 $500,000 Any Yes Yes No

Resilience Varies Varies Any Yes No No

Social engineer-
ing fraud and
TBD, depends vendor or client
TBD, depends
on limit pur- payment fraud
on limit pur-
chased (for (by endorse-
chased (for
Travelers funds transfer
funds transfer N/A ment) insuring No No
fraud and agreements for
fraud and com-
computer transfer, pay-
puter fraud)
fraud) ment, or deliv-
ery of money or
securities.
Modes of communi-
No, but coverage may be
cation as defined in
available via endorse-
Zurich $250,000 $250,000 the policy for a so- Yes
ment for invoice manipu-
No
cial engineering
lation
fraud event

Page 63
The Betterley Report

Extortion/Ransomware Coverage (1)

Is Coverage Sublimit Deducti-
Insurer
Offered? Coverage Trigger (if Any) ble/SIR
Up to policy
AIG Yes Security threat and privacy threat
limit
Varies

Threats to introduce cyber-attack, damage or de- Reduced SIR availa-

Allianz (AGCS) Yes stroy data, disseminate PII, interruption of access, No sublimit ble subject to under-
and malicious code writing
Network extortion means a credible threat or con-
nected series of credible threats made by a natural
person to (1) commit or to continue an attack on an
insured’s network, (2) disclose protected infor-
Allied World Yes
mation obtained as a result of unauthorized access
Varies Varies
to or unauthorized use of an insured’s network, (3)
commit cyber terrorism, or (4) refuse to return or
unencrypt digital assets.
Extortion threat means any credible threat or series
of related threats made to an insured by a third party
person or group, or by a rogue employee who is not
a member of the control group and who is acting in
a manner not authorized by the insured organization,
which threatens to take any of the following actions
unless an insured pays such group or person the
funds demanded, or meet some other non-monetary
demand, in exchange for the mitigation or removal
of such threat:
Varies
At-Bay Yes a. cause an information privacy event or network Varies
security event;
b. alter, corrupt, damage, manipulate, misappro-
priate, encrypt, delete, or destroy any computer
system, corporate data, or protected personal
information;
c. restrict or inhibit access to a computer system;
or
any action connected to the continuation or further-
ing of any already commenced action referenced in
paragraphs a.-.c. above.
Cyber extortion loss (both policy forms) cover-
age for payments made by or on behalf of the in-
sured organization to prevent or respond to a threat
to (i) alter destroy, damage, delete or corrupt data;
(ii) perpetrate the unauthorized access or use of the
insured organizations computer systems; (iii) pre-
Beazley Yes vent access to the insured organization’s computer Full limits Policy deductible
systems; (iv) steal, misuse or publicly disclose data,
personally identifiable information or third party in-
formation; (v) introduce malicious code into the in-
sured organization’s computer systems; (vi) inter-
rupt or suspend the insured organization’s computer
systems.
Ransomware Threat Event means a credible threat Ransomware
Ransomware insur-
to cause a data security event, alter, corrupt, de- insuring agree-
ing agreement reten-
stroy, disrupt, delete or prevent access to any data ment limits
tion can be equal to
Berkley Cyber Risk Yes provided by separate in- asset in the company’s computer system or prevent available up to
or different from the
Solutions suring agreement. access to, or interrupt or suspend the operation of and equal to
other policy insuring
the company’s computer system where there exists the policy an-
agreement’s reten-
a demand for an extortion payment as a condition nual aggregate
tions.
of mitigation or removal of such threat limit

Page 64
The Betterley Report

Extortion/Ransomware Coverage (1)

Is Coverage Sublimit Deducti-
Insurer
Offered? Coverage Trigger (if Any) ble/SIR
Ransomware is included under the definition of
cyber event, which means that all costs relating to
incident response, system damage, business inter-
ruption, liability claims, regulatory fines, penalties Full limits ap- Policy deductible
CFC Yes
etc. as a result of a ransomware attack will be ply applies
picked up. There is also a specific extortion section
under the cyber-crime insuring clause which picks
up ransom payments.
Dedicated in-
Ranges from $0 to
Chubb Yes Yes suring agree-
$250 million
ments
Demand for money based on a credible cyber-ex-
Cincinnati Yes
tortion threat.
None Varies

Threat made against you

expressing the intent to:
1. transfer, pay, or deliver any funds or property be-
longing to you, or held by you on behalf of others,
using a computer system
without your permission, authorization, or consent;
2. access, acquire, sell, or disclose non-public infor-
mation in your care, custody, or control, provided
such information is stored in an
electronic medium in a computer system and is re-
Coalition Yes trievable in a perceivable form; Full limits Retention applies
3. alter, damage, or destroy any computer program,
software, or other electronic data that is stored
within a computer system;
4. maliciously or fraudulently introduce malicious
code or ransomware into a computer system; or
5. initiate a denial of service attack on a computer
system;
where such threat is made for the purpose of de-
manding payment of money, securities, Bitcoin, or
other virtual currencies from you.
Extortion expenses and extortion payment incurred Policy deductible
Corvus Yes
directly as a result of a cyber extortion threat.
Full limit
applies
USD 25,000
Receipt of extortion threat from a third party (in-
sublimit or
cluding acts of an employee acting outside of the
25/75 coinsur-
scope of their duties and without the authorization
ance—depend-
of the insured organization) to commit or continue
ing on backup
an intentional attack against the insured organiza- Per policy deducti-
Hiscox Yes
tion’s computer systems or publicly disclose confi-
methodology.
ble/SIR
Option for en-
dential corporate information or personally identifi-
hanced cover-
able information misappropriated from the insured
age up to full
organization if money, securities, or other property
limit also
of value is not paid.
available.
Ransomware and network extortion threat means a
credible threat or connected series of credible
threats made by a natural person including a rogue
employee against an insured where such natural
Full limit
person:
Liberty Mutual/ available—
1. interrupts or threatens to interrupt the network SIR applies, varies
Yes sublimit may
Ironshore through a malicious attack; or
be applied on
per risk
2. disseminates, divulges, encrypts or improperly
select risks
utilizes or threatens to disseminate, divulge, encrypt
or improperly utilize any personally identifiable in-
formation or confidential corporate information in
any format.

Page 65
The Betterley Report

Extortion/Ransomware Coverage (1)

Is Coverage Sublimit Deducti-
Insurer
Offered? Coverage Trigger (if Any) ble/SIR
Cyber extortion event means any credible threat di-
rected to the insured organization demanding a
payment to eliminate, avoid, or mitigate the threat
to:
CYB-F-500U (08/23)
©Mosaic Americas Insurance Services LLC, 2023
Page 6 of 22
1. Encrypt, alter, damage, manipulate, or destroy
data stored in the insured organization’s computer Full policy
Mosaic Yes system; limit unless Varies
2. Access, release, or disseminate protected infor- sublimited
mation stored in the insured’s organization’s com-
puter
system;
3. Restrict or inhibit the insured’s access to the in-
sured organization’s computer system;
4. Use the insured organization’s computer system
to generate or transmit malware to third parties; or
5. Deface the insured organization’s website.
Extortion threat—a threat to: (1) alter, destroy,
damage, delete or corrupt data, (2) perpetrate the
unauthorized access or use of computer systems, (3)
prevent access to computer systems or data, (4)
steal, misuse or publicly disclose data, personally
Resilience Yes identifiable information or third-party information, Varies Varies
(5) introduce malicious code into computer systems
or third-party computer systems from computer sys-
tems, or (6) interrupt or suspend computer systems;
unless an extortion payment is received from or on
behalf of the insured organization.
The insurer will reimburse, or pay on behalf of, the
Typically of-
Yes, cyber extortion insur- insured for cyber extortion costs, resulting from a Typically the policy
Travelers ing agreement is available. cyber extortion threat that is discovered during the
fered at full
deductible applies
limits
policy period.
Under the first party insuring agreement, the insurer
will reimburse the insured for extortion expenses
and extortion payments the insured actually paid Full policy
Zurich Yes that directly results from a cyber extortion that is limit unless Varies by account
first received during the policy period. sublimited
Note, reimbursement by the insurer may be prohib-
ited by OFAC sanctions.

Page 66
The Betterley Report

Extortion/Ransomware Coverage Included (2)

Cost of a Cost To
Incident Payment in
Ransom Ransom Rebuild or
Insurer Response Cryptocurren-
Payments Payment Replace the Af-
Costs cies Allowed
Intermediary fected System
Via event management
Yes, endorsements Yes, endorsements Yes, endorsements
AIG Yes
available available available
and/or network interrup-
tion coverage
Allianz (AGCS) Yes Yes Yes Yes Yes
Bricking coverage is
Allied World Yes Yes Yes Yes
available
At-Bay Yes Yes Yes Yes Yes
Data recovery included
Our breach response ser- Our breach response ser-
in the base policy form;
vices team handles the vices team serves as the
Beazley Yes
incidents for our in- ransom payment inter-
Yes computer hardware re-
placement costs offered
sureds. mediary.
by endorsement.
Yes, includes reasonable
Yes, includes reasonable
and necessary fees and
Yes, surrendered by the and necessary fees and
expenses incurred by the
Berkley Cyber company in the form of
company to prevent, ter-
expenses incurred by the
Yes
Available by endorse-
Risk Solutions money, securities or dig- company to prevent, ter- ment
minate, or determine the
ital currency minate, or determine the
credibility of such
credibility of such threat
threat.
CFC Yes Yes Yes, where necessary Yes Yes

Chubb Yes Yes Yes Yes Yes

Yes, costs of negotia- Yes, system restoration
Negotiator/investigator Yes, we will pay US
Cincinnati Yes tor/investigator and ran-
is covered. equivalent.
is covered under com-
som are covered. puter attack coverage.
Yes, as part of extra ex-
Coalition Yes Yes Yes Yes
penses
Yes, available via en-
Corvus Yes Yes Yes Yes
dorsement
Included via provided
Hiscox Included Included
breach coach
Yes Yes via data recovery

Yes within Network As-

Liberty Mu- Yes Yes Yes Yes set Loss Insuring Agree-
tual/Ironshore ment
Mosaic Yes Yes Yes Yes Yes

Resilience Yes Yes Yes Yes Yes

Computer and Legal Ex-
pert and Data Restora-
Travelers Yes Yes Yes Yes
tion Insuring Agree-
ments available.
Yes, there may be cover-
age in the base form de-
Provided reasonable and pending on the circum-
Zurich Yes Yes
necessary expense
Yes
stances. A bricking en-
dorsement is also availa-
ble.

Page 67
The Betterley Report

Third-Party Coverage:
Bodily Injury and Property Damage
Bodily Injury Property Damage
Insurer
Direct Contingent Direct Contingent
Yes, available
Yes, available through Yes, available through through
Yes, available through
AIG CyberEdge PC or CyberEdge
CyberEdge PC or CyberEdge Plus
CyberEdge PC or CyberEdge PC or
Plus CyberEdge Plus CyberEdge Plus
Casualty
Varies for coverage parts; carve- Consider for spe-
Yes, available via
Allianz (AGCS) backs for mental anguish and Yes, subject to underwriting
bricking incident
cific accounts sub-
emotional distress ject to underwriting
Mental anguish
Allied World emotional distress carveback
No No No

Yes, available via

At-Bay No Available via endorsement
bricking endorsement
No

Contingent property
damage is available
Contingent bodily injury is
to select insureds
Beazley No available to select insureds via en- No
via endorsement
dorsement subject to underwriting
subject to under-
writing
No, except for mental anguish, No, except for mental anguish, hu-
Berkley Cyber Risk humiliation or emotional distress miliation or emotional distress re-
No No
Solutions resulting from a privacy event or sulting from a privacy event or
cyber media event cyber media event
Hardware replace- Hardware replace-
CFC No Yes, on healthcare cyber form ment costs are cov- ment costs are cov-
ered ered
For any bodily injury. However,
solely with respect to Insuring
Agreement E and Insuring
Agreement F, this exclusion shall
Chubb not apply to mental injury, men- Via endorsement No Endorsement
tal anguish, mental tension, emo-
tional distress, pain and suffering,
or shock resulting from an inci-
dent.
Yes, if arising from media liabil-
Cincinnati ity
Yes, if arising from media liability No No

Yes, via endorse-

Coalition Yes, via endorsement Yes, via endorsement Yes, via endorsement
ment
Available via endorse-
Corvus No Yes
ment
Yes

Available via en-

Hiscox No Available via endorsement No
dorsement
Considerable via
Liberty Mutual/Ironshore No Considerable via endorsement No
endorsement
Mosaic No Via endorsement No Via endorsement

Resilience No Yes No Yes

No (emotional distress coverage No (emotional distress coverage
Travelers available) available)
No No