Cyber Liability Insurance Coverage During Covid-19 Pandemic

Written by: Asya-Lorrene Morgan, Esq. and C. Michael Johnson, Esq.

Overnight, COVID-19 created a need for a large teleworking population, which has left businesses more vulnerable to phishing schemes and other malicious cyber activity. The recent increase in remote desktop protocols (“RPDs”) has created a 127% increase in exposure endpoints.[1] Failure to reassess cyber threats in relation to the current pandemic may subject insurers to a floodgate of cyber claims.

Generally, cyber liability policies are underwritten with a lot of flexibility to cover first and third party loss for  data breach incidents, privacy violations, and cyber based attacks. These types of policies focus on protecting a company’s digital assets, such as intellectual property, employee records, customer data, customer credit card information, financial statements and media files.  Also, these policies, may provide some risk shifting for the costs associated with having to respond, investigate, defend and mitigate against the consequences surrounding a cyber-attack.[2]

First party loss coverage is the most common cyber policy written to protect property after a cyber event generated by the insured. Generally, first party loss policies cover costs associated with: recouping lost data and records management, notifying those affected by a breach, providing identity theft protection, offering credit monitoring, managing brand damage, and updating systems.

Third party loss policies are less common and generally provide coverage for larger businesses that handle sensitive information, such as technology companies and healthcare systems. Data breaches are the most common claims for third party loss, and typically provide coverage for cover attorney’s fees, court costs, and damages. According to the Bromium and McGuire crime report for 2018, an estimated $1.5 trillion dollars was generated through cybercriminal activity.[3]

In light of the current COVID-19 outbreak, cybercrimes are going to increase and transitioning a large portion of the workforce to teleworking has spawned many new access points for cybercriminals to exploit a business’s virtual protection network (“VPN”). Businesses must remain vigilant is updating their cyber policies and network during this shift in the workforce as a prophylactic to the increase of cybercriminal activity stemming from the current pandemic.

Reliance on policies implemented prior to the pandemic may not be adequate to protect digital assets being accessed remotely. On January 8, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) issued a warning about vulnerabilities of Citrix’s Application Delivery Controller and Citrix’s Gateway web server appliances.[4] Many large corporations, not just Citrix, are finding that their VPNs have vulnerabilities that can be exploited by cybercriminals, which in turn leaves the customers utilizing their VPN services exposed.

COVID-19 has caused unforeseeable consequences on business operations, and the policies associated with cyber operations need to be reevaluated and updated to best conform to the new challenges posed by the inevitable increase of cyber loss claims. Common security tips need to be created and distributed to all employees, especially those working remotely. Proper cyber risk management and reevaluation of cyber policies will aide in lowering the number of cyber claims received as well as mitigating damages associated with cyber threats.


[1] COVID-19 Exploited by Malicious Cyber Actors, COVID-19 Exploited by Malicious Cyber Actors (2020), (last visited Apr 24, 2020).

[2] Talesh, Shauhin Data Breach, Privacy, and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses, 43 Law & Soc. Inquiry 417 (Spr. 2018).

[3] Hyper-Connected Web Of Profit Emerges, As Global Cybercriminal Revenues Hit $1.5 Trillion Annually (2018), Bromium & McGuire, (last visited May 2, 2020).

[4] COVID-19 Detecting Citrix CVE-2019-19781 (2020), (last visited Apr 27, 2020) (warning that “unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781)”.

Leave a comment