Zurich Cyber Security & Privacy Liability Policy
Security, Solutions, Simplicity
For most organizations, a serious and potentially damaging cyber attack is more a matter of ‘when’, not ‘if’.
A convenient, single solution to help protect your business against cyber risks
This proposition can help you protect against the risks of a serious data breach. The program brings together features often attached to other commercial policies as coverage extensions by endorsement.
Key coverages and benefits
LIABILITY COVERAGES
Security and Privacy Liability
Regulatory proceedings defense costs
Civil fines and penalties associated with Payment Card Industry (PCI) and General Data Protection Regulation (GDPR)
Internet media liability
NON-LIABILITY COVERAGES
Privacy breach costs, including:
Forensic investigation expenses
Legal and public relations expenses
Credit and identity monitoring costs
Identity restoration and identity theft insurance costs
Call center costs
Business income loss, dependent business income loss (i.e., loss insured incurs due to a vendor’s network security event) and extra expense
Digital asset replacement expense
Cyber extortion threats and reward payments
System failure and dependent system failure
Reputational damages
Social engineering funds transfer
Claims mitigation costs
Additional policy highlights
Coverage limits available up to USD25 million
Business interruption coverage is triggered if a breach requires a voluntary shutdown of operations or a regulator ordered shutdown
System failure and administrative errors can also trigger coverage
Affirmative coverage for wrongful data collection
Affirmative European General Data Protection Regulation (GDPR) coverage availability
Definition of insured person extended to include temporary employees, volunteers or interns
Definition of extra expenses amended to include forensic expenses
Broad definition of computer system, including industrial control systems and bring-your-own-device (BYOD) programs
No vendor restrictions – you may seek assistance from the post-breach vendors of your choice
Cyber Risk Engineering services
On a fee-basis, Zurich’s Cyber Risk Engineering team can also assist in the ongoing development and maintenance of a robust information security management system built on three essential pillars: people, process and technology.
People
Board of directors and C-suite education
User awareness training, including phishing, social engineering, password standards and management and business email compromise
Security team training
Hiring practice security guidelines
Access management (i.e., users, vendors, privileged users and remote users)
Process
Cybersecurity strategy
Capability road map
Policy and procedure development including, but not limited to, acceptable use, asset management, vulnerability and patch management, risk assessment, vendor management, incident response and disaster recovery
Management metrics for cybersecurity
Technology
Recommendations for a range of specialized technology solutions with leading external security vendors and consultants
ZenOpz 24 / 7 / 365 Network Monitoring
An optional service available to organizations selecting the Zurich Cyber Security & Privacy Liability Policy.
In association with a leading managed security service provider (MSSP), Zurich can offer the following services on an opt-in basis, included in the policy premium:
A complimentary, one-time 360-degree technical assessment of your network and all devices connected to it
Real-time, 24/7 monitoring of up to 50 connected devices on your network, such as servers, workstations, firewalls and other log generating devices
On a weekly basis, a full vulnerability scan of all devices in your agreement, with full status reports and patch recommendations to mitigate revealed vulnerabilities
Ability to add devices for monitoring beyond the initial 50 for a fee
Protection for your business 24 / 7 / 365
DigitalResolve is a crisis management service, provided under your Zurich Cyber Security & Privacy Liability Policy, offering a global one-stop shop that harnesses and manages the resources you need to recover from a damaging cyber event.
If an incident occurs, you can call our multilingual team, day or night. A dedicated Incident Manager will then appoint and coordinate cyber experts to support your business. They will remain in place from notification to conclusion, managing the services and acting as your main point of contact throughout.
Contact DigitalResolve whenever an incident occurs, 24/7 365 days a year.
Incident Manager appointed immediately.
IT forensic experts appointed (if required) – they locate and act to resolve the event, and report to the Incident Manager.
Incident Manager consults with you and appoints other experts as required, such as lawyers and PR consultants.
Regular discussions between your business and all parties to agree best approach.
Other experts appointed where necessary, for example, notification and creditmonitoring specialists.
Comprehensive summary document issued at service conclusion.
SECURITY AGAINST THE GROWING THREAT OF COSTLY CYBER ATTACKS
SOLUTIONS PROGRAMMED TO RESPOND TO AN EVOLVING RISK ENVIRONMENT
SIMPLICITY IN PROTECTING AGAINST RISK WITH ONE CONVENIENT PROGRAM
Further information
As the digital and physical worlds coalesce, cyber risks are undergoing fundamental changes that affect all stakeholders in different ways. Read more on cyber risk in the Zurich knowledge hub.
Contact us
Products and services vary by country
Because the needs of our customers are different, our products and services also vary
around the world. Insurance and financial products and services are provided by licensed
members of the Zurich Insurance Group (Zurich). Not all products or services listed are
available in all jurisdictions or to all customers. Please contact your local Zurich office for
details about the relevant products and services in your country. No warranties or
guarantees are being made by Zurich based on statements on this website.