Commercial general liability insurance policies usually exclude damages arising out of losses of electronic data because electronic data often isn’t considered “tangible” property.
Companies can best protect themselves from cyber-related financial losses with a specific cyber insurance policy. These typically offer liability coverage (and sometimes partial property coverage) for losses related to data breaches. Most of these policies cover a commercial insured’s losses related to the loss of personally identifiable information and expenses from a data breach. These expenses can include legal expenses, investigating a breach, notifying people affected by the breach, managing the insureds’
reputation and other crisis-management expenses, and recovering lost or corrupted data.
Some policies also offer coverage for business interruption losses – losses related to expenses and lost revenue resulting from a breached system. Others may also offer “cyberextortion” coverage, which covers costs resulting from an extortion event such as ransomware. It’s important to note that this is a relatively new market, so policies may differ widely on the policy terms and conditions