Cyber Liability: Glossary of Terms

Cyber insurance can be complicated and laden with complex terminology. Here are a few key terms that you may see when reading about Cyber.

Bricking: When hardware becomes unusable because of malicious software. A “bricking limit” means a coverage will cover replacing the hardware up to that amount. 

Business Interruption (Cyber): Lost business income due to the inability to conduct business or take in revenue because of cyber or network interruptions. This can apply to interruption of the insured’s own business, or dependent business interruption, which is when a business a company relies on for income is interrupted due to cyber failures.

Cryptocurrency: A type of untraceable currency that is often the form of payment demanded as ransom by hackers. Bitcoin is the most common example of cryptocurrency. 

Cyber Crime: An umbrella term for types of crime committed solely through cyberspace, including (but not limited to):

• Fraudulent Funds Transfer: Funds that are illegally taken via an unapproved transfer to someone else, often via a data breach or phishing email. This crime is the most dangerous as it involves access to a business’ financial information, where small amounts can disappear without notice before being caught. 
• Invoice Manipulation: When someone - internally or externally - alters an invoice/bill without approval, to charge a client more than what the service should actually cost. This person then siphons that extra money off for themselves and gives the business the actually billed amount. 
• Social Engineering: The most common type of cyber crime, this is when people approve or interact with a prompt that allows individuals to steal from a business. For example, opening a phishing email that appears to be from an employee’s boss asking them to transfer funds to X.

Data Breach: When an unapproved entity accesses private personally identifiable information on a business, their employees and/or their customers.

Extortion: When a company’s system is held hostage by an unauthorized entity and won’t be released until they have been paid a ransom.

First & Third Party Liability: First party liability is for one’s own business, and third party is for another business that the insured has a responsibility to. Cyber liability usually covers both one’s own losses due to their actions and losses caused by external businesses. 

PCI Compliance: If a business accepts any payments from credits directly through their own proprietary system, they are legally required to follow a set of standards set by the  Payment Card Industry Data Security Standard (PCI DSS). There are fines & penalties that could be associated if a business’s PCI system becomes compromised. 

Personally Identifiable Information (PII): The private information entrusted to a business by their employees or clients: made up of names, email address, phone numbers, health information, order history, etc. 

Phishing Emails: A common way to breach a businesses computer system by sending a fraudulent email that deceives the recipient into opening content that could compromise their computer system. 

System Failure: An accidental failure or destruction of a cyber system that is essential to their activities. For example, if a supplier’s server is destroyed and they cannot deliver supplies to their clients.