Cyber Insurance Coverage & Products

Whatever your company size, Chubb can provide innovative cyber insurance solutions. Our core cyber insurance products can be customized to fit your unique needs to minimize gaps and offer exceptional protections.

Discover the advantages of the Chubb ERM Suite of Products

• Chubb has been a leading provider of technology and cyber risk solutions since our first product was launched in 1998.
• There are no minimum premiums. Premiums scale for all sizes of risks based on the scope of coverage and limits.
• Online quoting and real-time policy issuance are available via Cyber Central, our new cyber centric quoting platform or via Marketplace, our multi-line quoting platform for eligible risks with less than $100,000,000 in revenue. Referred risks receive fast underwriter turnarounds.
• The global nature of cyber risk requires companies to understand how their policies can respond to an international event and what restrictions might apply in certain countries. Chubb can offer multinational cyber programs locally and cover more than 35 countries around the world, serviced by Chubb’s fully-staffed global services team – with the expertise to assist with multinational insurance needs and a global network of local incident response teams to respond if a cyber incident occurs.
  
• We offer a customizable cyber risk management solution for organizations with over $1B in revenue that need substantial primary limits of Chubb capital to build a large insurance tower program. DIC/DIL endorsements are also available to fill gaps between an organization’s cyber, casualty and property policies. Learn more about our Cyber Facility or guide to help identify coverage gaps here.

Cyber Enterprise Risk Management

Cyber incidents can impact any company, regardless of size and industry, and traditional insurance policies may be inadequate to respond to cyber exposures. Cyber ERM is the insurance solution to fill these gaps and provide affirmative protection for cyber, privacy and media exposures.

Target Clients

Any size organization that manages sensitive customer or employee information, third party corporate information, a computer network or a website.

Product Features

See below for all the Cyber Insurance features

DigiTech® Enterprise Risk Management

DigiTech® ERM provides technology companies with an insurance solution to address technology errors and omissions, media, and cyber exposures on one insurance policy and reduce potential coverage gaps.

Target Clients

Commonly targeted technology companies:

Software and system developers
Companies that develop off-the-shelf or customized computer software products, including dedicated tech industry consultants and integrators, value-added re-sellers, independent software vendors, system integrators and distributors.

Technology services and consulting
Companies that provide information technology services to other organizations, such as computer systems design, data warehousing, programming and integration, training and IT, and consulting services.

Electronics and hardware manufacturers
Companies that design, manufacture or distribute everything from computers and peripherals to communications.

Product Features

All the features of Cyber ERM summarized below, plus the following:

• Technology errors and omissions (E&O) for financial injury to third parties arising from insured’s products and services
• Broadened definition of technology incident
• Coverage available for software copyright infringement and product recall loss of use
• No exclusions for delays or failure to deliver

Professional Enterprise Risk Management

Pro ERM SM provides professional services firms of all sizes with an enterprise risk management solution to address professional, media and cyber exposures in one insurance policy – and reduce potential coverage gaps.

Target Clients

Available to non-licensed professional services firms of all sizes, but commonly targeted firms include associations, consultants, business process administrators, event planners, interior design firms, graphic design firms, marketing and public relations firms, printers and document management firms, staffing firms, travel agents, and trustees.

Product Features

All the features of Cyber ERM summarized below, plus the following:

• Errors and omissions (E&O) including personal injury arising out of professional services
• Broadened definition of professional services expressly includes professional technology services
• Broadened definition of insured includes independent contractors performing duties on your behalf
• Additional insured status automatically provided to clients when required by contract
• Access to legal counsel with extensive professional liability experience
• Includes professional disciplinary proceedings for code of conduct violations
• Coverage available for 100% of defense costs for covered claims worldwide

Cyber Insurance Coverage

First Party Coverage

Cyber incident response fund — Legal fees, forensics, notification costs, credit monitoring, public relations

Business interruption — Loss of net profits and continuing operating expenses from interruptions of insured’s systems; and with contingent business interruption, adds losses due to interruption of outsourced technology provider’s systems

Digital data recovery — Costs to restore or replace lost or damaged data or software

Network extortion — Reimburse extortion payments and negotiation expenses

Third-Party Liability Coverage

Cyber, privacy and network security liability — Liability for failure to protect private or confidential information of others or failure of network security

Payment card loss — Contractual liabilities owed to payment card industry firms because of a cyber incident

Regulatory proceedings — Defense for regulatory actions and coverage for fines and penalties, where insurable by law

Media liability — Liability following defamation or copyright and trademark infringement onlinecosts

Cyber Crime (by Endorsement)

Computer fraud — Third party accessing insured’s computers to take money

Funds transfer fraud — Third party tricking a bank into transferring funds from insured’s account

Social engineering fraud — Third party tricking an employee into transferring money

Cyber Coverage Highlights

• Non-Panel Incident Response Service Providers — If policyholders have already contracted with cyber incident response providers that are not current Chubb pre-approved service providers, we offer the flexibility to have them added to a policy. Learn about the formal process to have them included on your policy here.
• Innovative, industry-leading coverage designed to address evolving regulatory, legal, and cybersecurity standards and to anticipate future changes.
• Easy-to-read form aligned with the progression of typical cyber incidents in order to aid decision-making throughout the incident.
• Clearly labeled exclusions with competitive carve-backs.
• Discovery-based coverage at a control group level.
• Cyber Incident Response Expenses paid on behalf of the policyholder with expansive consumer-based solutions that are more robust than minimum regulatory requirements.
• Payment Card Loss coverage includes card reissuance costs.
• Business Interruption and Extra Expense language includes costs to retain forensic accounting firm to determine the amount of business interruption loss.
  
• Broadened definition of Protected Information includes biometrics, internet browsing history, and personally identifiable photos and videos.
• Digital Data Recovery includes telephone toll fraud — costs incurred as phone bill charges due to fraudulent calling.
• Extortion Expenses explicitly include bitcoin and other cryptocurrencies.
• Coverage territory applicable to anywhere in the universe.

As our dependence on technology continuously grows, so do the frequency, severity, and sophistication of cyber incidents. Chubb addresses growing cyber risks with a flexible and sustainable approach for policyholders. From coverage for widespread cyber catastrophes to rewarding good software security practices, Chubb addresses cybercrime evolutions with insurance innovations.

Widespread Event Endorsement

With the world becoming increasingly digitized and interconnected, widely used software programs, communication platforms, and technology platforms are leveraged and often relied upon by the vast majority of companies. A single attack upon and/or failure of one of these widely used platforms or technologies could create an aggregation risk that exceeds the insurance industry’s capacity to insure. In an effort to provide policyholders with coverage clarity and market stability, we provide affirmative and specific limits, retentions and coinsurance for widespread events. Learn more

Ransomware Encounter Endorsement

Ransomware attacks have grown dramatically in both frequency and severity. The loss to policyholders is far broader than just the value of the ransom amount. Whether the ransom is paid or not, policyholders often incur legal costs, forensic investigatory expenses, business interruption loss, digital data recovery costs, and potentially liability and legal defense costs. The ransomware encounter endorsement allows for tailoring of coverage limits, retention, and coinsurance for losses incurred as the result of a ransomware encounter.

Neglected Software Exploit Endorsement

Keeping software up to date is an important aspect of good cyber risk hygiene. Many losses can be prevented by patching vulnerable software before cyber criminals have an opportunity to exploit it, but some organizations may not patch software right away. Sometimes there are legitimate reasons why software updates need to be tested before being rolled out – and compatibility, capacity, or simple logistics issues may prevent even a well-run information security organization from deploying patches within the first day or week after they become available. Learn more

For policyholders that lack strong patch management hygiene, Chubb may address this risk by adding the neglected software exploit endorsement. This endorsement provides policyholders with a 45-day grace period to patch software vulnerabilities that are published as Common Vulnerabilities and Exposures (CVEs) within the National Vulnerability Database operated by the U.S. National Institute for Standards and Technology (NIST). After the 45-day grace period expires, there is risk sharing between the policyholder and insurer incrementally shifting to the policyholder, who takes on progressively more of the risk if the vulnerability is not patched at the 45-, 90-, 180-, and 365-day mark.