...processing (principally for mainframe computers) approached or exceeded the value of the data, and was focused on physical damage to equipment and on losses to data resulting from that damage.
Over time, as hardware has dropped dramatically in cost and the relative value of data has soared, EDP coverage has been extended to loss due to viruses, hacking and other means employed to corrupt or destroy data in the absence of physical damage.
In special circumstances, fine arts “floaters” are another form of inland marine coverage appropriate for insuring valuable documents. In this case, coverage would be related to the market value of a rare historical document, such as an original U.S. Land Office deed, or a contract signed by a famous person, rather than the cost of reconstructing the record or any economic benefit conveyed by it.
Even with updated features, inland marine coverage for EDP is usually not as comprehensive as the coverage provided under “cyber” insurance policies, which are rapidly becoming fixtures in the commercial insurance market.
Cyber insurance is a complex and unusual type of coverage that emerged in specialty markets as a non- standardized product for specialized IT exposures. It is nowmarketed to all types of organizations.
Cyber insurance policies combine first-party coverage for loss to data and equipment with liability coverage for losses to third parties, along with coverage for expenses incurred for forensic investigations, notices to affected persons, public relations after an incident, and other purposes.
Coverage is typically triggered by “cyber perils,” which include viruses, malicious hacking, “ransomware” attacks, and other causes, deliberate or accidental, that damage or corrupt data, or make it inaccessible.
Perils insured under cyber policies change over time as threats evolve and malicious actors adapt to security measures. Also, some cyber policies explicitly exclude coverage for losses caused by standard property perils, while others cover them.
Cyber policies often have multiple insuring agreements — as many as seven —with corresponding limits. By selecting limits, insureds effectively pick and choose the risks they insure under a cyber policy and those they retain or insure under another policy. Internal cyber limits for different types of losses are often subject to an aggregate limit. Agents and brokers are cautioned to see that individual limits do not seriously deplete the aggregate limit.