Qian - Insurance Blog

What are the exclusions in a Cyber Insurance Policy?

May 28, 2024

Qian

Leave a comment

Cyber Liability Insurance Policy

What are the exclusions in a Cyber Insurance Policy?
Contents

Today, the number and frequency of Cyberattacks are increasing by the day. A Cyber Liability Insurance Policy is an essential tool for a business to protect itself from the losses resulting from Cyberattacks. Business owners should read through Cyber Insurance Policy Wordings thoroughly to understand the Cyber Insurance Coverages as well as the exclusions in a Cyber Insurance Policy in detail as well. This article will explain the exclusions in a Cyber Insurance Policy in detail.

What are the exclusions in a Cyber Insurance Policy?

A Cyber Insurance Policy does not cover the following:

  1. Known Matters: Any Single Event or Circumstance first Discovered or Known before the inception of the Policy Period is not covered under a Cyber Insurance Policy in India.
  2. Deliberate or Reckless Conduct: A Cyber Insurance Policy will not pay any loss arising out of any dishonest, fraudulent, criminal, or reckless act or omission committed by or with the knowledge of any person who was a Responsible Person of the Insured at the time of such act or omission. This exclusion does not apply to Defence Costs unless such wrongdoing is established by final adjudication or written admission of the Insured or a Responsible Person.
  3. Contributed Loss: The Cyber Security Insurance Policy will not pay for loss arising out of the Insured failing in whole or in part to implement any reasonable recommendation made by the Legal Response Team, the PR Response Team or the IT Response Team whether in response to a Cyber Event or recommended by underwriters or the Cyber Insurance Company).
  4. Inadequate System Security: A Cyber Insurance Policy will not pay losses arising from any failure to: - update the Insured’s Systems security at the earliest possibility in respect of any identified or publicised vulnerability in the Insured’s Systems whose exploitation could: - allow code execution without user interaction, including self-propagation of malware, or browsing to a web page or opening email without warnings, or - result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources, or - proceed with at least one weekly full backup and one daily incremental backup of all Insured’s Systems databases. This Exclusion does not apply to any covered Revamp Advice Costs.
  5. System Enhancement: A Cyber Security Insurance Policy will not pay for any enhancement of the Insured’s Systems to a level beyond the state existing immediately prior to the Cyberattack, except to the extent that the relevant hardware or software is no longer available.
  6. Infrastructure Failure: Cyber Insurance in India does not cover any form of electrical, mechanical or software failure and / or interruption except: - in respect of Extension of Contingent Business Interruption Loss (if applicable), to the extent that such failure originates directly from covered Outsourced Systems, or - in respect of Extension of Outage Business Interruption Loss (if applicable), to the extent that such failure originates directly from the power supply owned and operated by the Insured. Data Protection Compliance Gaps: A Cyber Security Insurance Policy in India will not pay for any measures required to ensure compliance with mandatory rules applying to the collection, storage, processing or protection of Protected Data, except to the extent covered under Notification Costs or Monitoring Costs.
  7. Contractual Liability: A Cyber Liability Insurance Policy will not pay for any liability contractually assumed by the Insured, whether directly or by waiver or limitation of rights against third parties, that exceeds the ultimate liability (taking into account recourse actions) that would attach in the absence of such contractual assumption, except to the extent of covered PCI Penalties.
  8. Insolvency: A Cyber Insurance Policy does not cover Insolvency, Bankruptcy, or Liquidation of an Insured or any Service Provider operating and administering Outsourced Systems.
  9. Inadequate Goods or Services or Undue Remuneration: A Cyber Insurance Policy also does not cover
    • any Claim alleging an error or omission or failure to provide professional services or advice by or on behalf of the Insured, except to the extent such ab error or omission was contributed to by a covered Data Breach Incident
    • any Claim in respect of the fees, commissions or other compensation of the Insured for the actual, alleged or required provision of services or supply of goods by the Insured.
    • any Claim arising out of the misrepresentation of the quality or performance of goods or services supplied by the Insured, including any Claim arising out of a Product Recall, whether based on an actual or suspected defect in the said products
  10. Bodily Injury and Physical Damage: Bodily Injury and Physical Damage are one of the exclusions in a Cyber Security Insurance Policy.
  11. Government OR Regulator Action: A Cyber Insurance Policy does not cover any claim arising out of any act or order of any government or regulatory body disrupting the operation of or access to the Insured’s Systems or Outsourced Systems. However, this exclusion does not apply to Cyber Attacks committed by any such body or agency against the Insured’s Systems.
  12. War and Terrorism: Cyber Insurance in India does not cover any claim arising out of Acts of War, invasion, act of foreign enemy, hostile operations, Terrorism etc.
  13. Related Parties: Another exclusion under a Cyber Risk Insurance Policy relates to any Claim against an Insured brought by or on behalf of:
    • any other Insured,
    • any shareholder of an Insured Entity,
    • any entity in respect of which an Insured holds more than 25% of the voting rights or a managerial interest
    • any parent company of the Insured or subsidiary a Subsidiary of the Insured

Final Take

The trend of Cyberattacks are increasing by the day. Additionally, there are different types of Cyberattacks and such attacks are becoming more sophisticated with each passing year. So, the risk of Cyberattacks is one which cannot be ignored, and every organisation must purchase an Insurance Policy which offers comprehensive Cyber Insurance Coverage. Additionally, the Cost of a Cyber Insurance Policy is quite reasonable. Qian is a licensed Cyber Insurance Broker in India with experience of serving clients for their Cyber Insurance requirements over the years. If you wish to purchase a Cyber Insurance Policy, you can email us at email at insurance@qian.co.in or call us on 022-35134695. We would be glad to assist you.

  1. What is a Cyber Insurance Policy?
  2. What is Cyber Threat or Cyber Risk?
  3. On Security Insurance Necessity For Businesses
  4. What does a Cyber Insurance Policy Cover?
  5. What kind of losses does a Company suffer on account of Cyberattacks and Security Breaches?
  6. What is the average Cost of a Cyber Incident?
  7. What are the First Party Liability Coverages under a Cyber Liability Policy?
  8. What are the Expenses Covered under a Cyber Liability Policy?
  9. What are the Third Party Liability Coverages covered under a Cyber Liability Insurance Policy?
  10. Cyber Security Insurance Policy (Why Does It Matter?)
  11. What are the Exclusions under a Cyber Liability Insurance?
  12. Cyber Insurance Policy Cost (What is reasonable?)
  13. Get Best Quotes for Cyber Insurance Policy with Qian

GET A FREE QUOTE