​​​​What Does the NANRS Product Cover?

Cyber Insurance

As data breach incidents and related cyber risks continue to increase more and more, companies have decided to offset this risk through the coverage of a cyber risk insurance policy.  NANRS offer their insured different policy combinations of traditional liability coverage, protecting against claims by third parties, and first-party coverage protecting against losses suffered by the insured.  

While no company can reasonably expect to secure every available component of coverage, awareness of differences among the offered policies is critical.  Some clauses, terms and conditions of cyber policies can have a significant impact on coverage.  

Some of these important features are: 

  • Third-Party (Liability) Coverages:

  • Privacy Liability Coverage:  This includes liability to the insured's customers, clients and employees for breaches of their private information which can be a major component of liability in the case of a data breach.
  • Regulatory Actions:  There is substantial variance among cyber policies regarding whether and to what extent they provide coverage for regulatory and other governmental actions. 
  • Notification Costs:  This coverage includes the costs of notifying third parties potentially affected by a data breach.  There is an ever-increasing and constantly evolving landscape of breach notification laws on a state-by-state basis. 
  • Crisis Management:  This coverage includes the costs of managing the public relations outfall from most data breach scenarios. 
  • Transmission of viruses/malicious code:  As its name suggests, this coverage protects against liability claims alleging damages from transmission of viruses and other malicious code or data.  

  • First-Party Coverages:

  • Forensic Investigation:  Covers the costs of determining the cause of a loss of data.
  • Network/Business Interruption:  Covers the costs of business lost and additional expense due to an interruption of the insured's computer systems.
  • Extortion:  Covers the costs of "ransom" if a third party demands payment to refrain from publicly disclosing of causing damage to the insured's confidential electronic data. 
  • Data Loss and Restoration:  This component--included in some but not all cyber policies--covers the costs of restoring data if it is lost, and in some cases, diagnosing and repairing the cause of the loss.  

Terrorism Insurance

This policy provides coverage to individuals and businesses for potential losses due to acts of terrorism.  Prior to 9/11, standard commercial insurance policies included terrorism coverage as part of the package, effectively free of charge.  Today, terrorism coverage is generally offered separately at a price that more adequately reflects the current risk. 

Insurance losses attributable to terrorist acts under these commercial policies are insured by private insurers and reinsured or "backstopped" by the federal government pursuant to the Terrorism Risk and Insurance Act of 2002 (TRIA).  Under TRIA, owners of commercial property, such as office buildings, factories, shopping malls and apartment buildings, must be offered the opportunity to purchase terrorism coverage.  On January 7, 2015, TRIA was extended through 2020 and on January 15, 2015, the extension was signed into law.  For the terrorism coverage to be triggered under TRIA for commercial policies, a terrorist act must be declared a "certified act" by the Secretary of the Treasury.