Illinois Cyber Risk Insurance

We offer cyber risk insurance, also called cyber insurance or cyber liability insurance, to all types of organizations in Illinois. Cyber risk insurance is a type of coverage that provides protection to Illinois organizations in connection with losses caused by cyber attacks and data breaches.

All industries are vulnerable to cyber attacks and data breaches as they are becoming more common. The average cost of a data breach in Illinois is around $10 million and includes costs related to business disruption, revenue loss, equipment damages, legal fees, public relations expenses and forensic analysis, as well as notification costs that are legally mandated in most states.

Cyber risk insurance is designed to address those costs and can be purchased as a stand alone policy or as part of a package.

What coverages are available in a cyber risk insurance policy in Illinois?

Cyber insurance is designed to provide various third-party and first-party coverages. Examples of coverages that may be provided in Illinois include the following:

Network and Information Security Liability: Provides third-party coverage for the unauthorized access of confidential data and for the transmission of a computer virus to a third party system.
Communications and Media Liability: Provides third-party coverage for the unauthorized use of intellectual property in connection with materials used in websites or emails.
Regulatory Defense Expenses: Provides defense expense coverage to the insured for regulatory claims filed in connection with the two coverages listed above.
Crisis Management Event Expenses: Provides first-party coverage for public relations services to mitigate any actual or potential negative publicity resulting from a cyber attack or data breach.
Security Breach Remediation and Notification Expenses: Provides first-party coverage for the costs and expenses paid following a security breach to determine and notify the persons impacted as well as other expenses such as credit monitoring and call center services.
Computer Program and Electronic Data Restoration Expenses: Provides first-party coverage to restore, replace or reproduce damaged or destroyed computer programs, software or other electronic data stored within a computer system to the condition that existed immediately preceding the introduction of a computer virus or computer hacking.
Computer Fraud: Provides first-party coverage for the direct loss of money, securities or other property caused by computer hacking into the insured's computer system.
Funds Transfer Fraud: Provides first-party coverage for the loss caused by the intentional, unauthorized and fraudulent electronic transmission of instructions to a financial institution to transfer money or securities to a different account.
E-Commerce Extortion: Provides first-party coverage for the money or securities paid to someone threatening to commit computer fraud or funds transfer fraud, steal confidential information from the insured's computer system, destroy the insured's electronic data or system, introduce a virus into the insured's computer system, or initiate a computer system attack.
Business Interruption and Additional Expenses: Provides first-party coverage for the loss caused by a business interruption and related expenses caused by a computer system disruption.

The above examples of Illinois cyber insurance coverages are for informational purposes and should not be interpreted as a reliable or complete description of coverage. Cyber risk insurance coverages vary by insurance company and the policy form, including limitations and exclusions, should be carefully reviewed before coverage is bound.

What are some common exclusions in cyber insurance policies in Illinois?

Cyber insurance policies contain various exclusions. Examples of policy exclusions in Illinois are as follows:

Claims based upon or arising out of any insured committing any intentionally dishonest or fraudulent act or omission, committing any willful violation of any statute, rule, law; or gaining any profit, remuneration or advantage to which such insured was not legally entitled.
Claims based upon or arising out of any false, factually incorrect or inaccurate materials, provided that the insured knew the material was false, factually incorrect or inaccurate at the time such material was first made known, displayed, or disseminated.
Claims based upon or arising out of the actual or alleged obligation to make licensing fee or royalty payments, including the amount or timeliness of such payments.
Claims based upon or arising out of the actual or alleged inaccurate, inadequate or incomplete description of the price of goods, products or services, cost guarantees, cost representations, or contract price estimates, the authenticity of any goods, products or services, or the failure of any goods or services to conform with any represented quality or performance.
Claims based upon or arising out of any liability assumed by an insured under any contract or agreement.
Claims based upon or arising out of war, invasion, acts of foreign enemies, hostilities, civil war, rebellion, revolution, insurrection, military or usurped power, confiscation, nationalization, requisition, or destruction of, or damage to, property by or under the order of any government, public or local authority.
Claims based upon or arising out of any unsolicited electronic dissemination of faxes or emails.

Cyber insurance policies in Illinois also contain numerous other exclusions and limitations. Please refer to the insurance policy for coverage details.

What rating factors are used to set cyber risk insurance premiums in Illinois?

Examples of rating factors that may be used by insurance companies to determine cyber insurance premiums in Illinois are as follows:

Policy limits and deductible
Annual revenue
Total assets
Industry
Privacy controls
Network security controls
Content liability controls
Incident response plan
Financial condition
Quality of management
Claims experience

Rating factors in Illinois vary by insurance company and insurance companies are allowed to set their own rating algorithm.