Ans.(d). First-party coverage insures for losses to the policyholder’s own data, lost income or other harm to the policyholder’s business resulting from a data breach, cyber-attack or ransomware attack. First-party coverage applies to direct costs of the insured business for responding to a data breach or security failure.
Third-party coverage insures against liability to third parties (including customers and government entities) as a result of a data breach, cyber-attack or ransomware attack. Third-party coverage applies when persons sue or make claims against the insured business, or governments or regulators demand information from the insured business.
First-party coverage -
Business interruption and lost income – covers lost income and increased operating expenses when a cyber-incident damages an entity’s network or causes the loss of data that disrupts business continuity and operations.
Computer data loss and network restoration – covers physical damage to an entity’s computer system and the cost to retrieve and restore damaged or stolen data, hardware, and software.
Forensic investigation services – covers costs and expenses for technical, legal or other expert services to assess and stop a cyber-incident.
Notification costs – covers legal advice regarding laws and regulations governing breach remediation, including costs to notify all victims, including customers and employees, of a cyber-incident and possible identity or credit card theft.
Crisis management and public relations – covers customer support, call centers, credit monitoring, and other expenses to educate victims of a cyber-incident of the breach and the business entities’ response, as well as consulting fees to protect against public relations damages.
Extortion and ransomware – covers costs for the investigation of cyber-attacks and threats of attacks, as well as for payments to extortionists.
Electronic theft – covers a business entity’s money that is stolen as a result of network breach and fraudulent transfer of electronic funds.
Third-party coverage -
Litigation – covers costs to defend lawsuits, including class actions, involving allegations of a failure to prevent the unauthorized use / access of confidential information or of a failure of system security to prevent or mitigate a computer attack, the spread of a virus, or a denial of service, and the payment of judgments, settlements and damages arising out of such a cyber-incident.
Governmental and regulatory – covers costs to respond to or defend against governmental investigations or proceedings, as well as the payment of fines and penalties, relating to a cyber-incident.
Credit and fraud monitoring – covers costs for customer credit monitoring, identity theft protection services, and fraud monitoring following a cyber-incident.
Multimedia – covers costs related to claims of online defamation, copyright and trademark infringement.
What is excluded from coverage? Similar to other types of insurance policies, cyber insurance policies often exclude certain losses from coverage. Typical exclusions include claims arising from war, breach of contract, theft of trade secrets, unfair trade practices, and employment practices. Cyber insurance policies also typically exclude coverage for willful, intentional, deliberate, malicious, fraudulent, dishonest, or criminal acts or omissions of the insured.
Source: https://www.sgrlaw.com/client-alerts/cyber-insurance-frequently-asked-questions/
[A very tough question]