Cyber Liability

Currently, Cyber Cover is approved and in all states (blue states on map)
In those states, please refer to Internet Banking Liability.


The Cyber Cover Policy provides coverage for a wide range of cyber and privacy exposures. Three insuring agreements form the base policy:
  • Data Breach Liability is the mainstay of privacy and cyber insurance, providing coverage for:
  • The failure to prevent unauthorized access to both electronic and non-electronic confidential information (a data breach). The information may be in the care and custody of the bank or certain bank service providers.
  • The failure to properly notify impacted parties of a data breach as required by law.
  • Demands for restitution for lost business opportunities as a result of exposed confidential data by a victim of a breach incident.
  • Cyber Liability provides coverage for certain cyber exposures not covered elsewhere in the policy, including network security breaches such as distributed denial of service (DDoS) attacks and virus transmissions, as well as other causes of action.
  • Cyber Publishing and Social Networking Liability addresses gaps in defamation and similar coverage under a bank's General Liability policy by providing coverage for defamation and similar allegations arising from communications displayed or distributed through the bank’s websites and social networking accounts, whether posted by the bank or someone else. Coverage also addresses accusations of copyright infringement, misappropriation of ideas, slander and advertising injury arising from the bank's website and social networking accounts.
Optional Insuring Agreements
  • Regulatory Defense provides coverage for defense expenses incurred if regulatory proceedings are brought against the bank in connection with a data breach incident or wrongful cyber publishing act.
  • Electronic Funds Transfer Liability provides coverage when a demand is made against the bank in connection to the wrongful electronic transfer of customer funds. Coverage includes electronic funds transfer initiated by faxes, emails, phone calls or online banking.
  • Privacy and Security Breach Response Expenses indemnifies the bank for professional expenses incurred to remediate an electronic or non-electronic data breach or a denial of service attack. Professional expenses include forensic investigation, technological assistance required to restore access, legal counsel, notification costs, card reissuance, credit monitoring and identity monitoring.
  • Public Relations Expense indemnifies the bank for expenses incurred to hire a public relations expert to help mitigate the reputational damage to the bank in the wake of an electronic or non-electronic data breach or any other claim covered under the policy.


Optional Endorsements
  • Cyber Extortion indemnifies the bank for loss of property surrendered as a result of cyber threats.
  • Business Interruption indemnifies the bank for lost income and additional expenses incurred when a bank's system stops functioning due to criminal behavior or in response to a cyber-extortion threat.

Sample Policy
Coverage Summary


Claims Examples

Data Breach Liability

  • The bank’s payment system is hacked resulting in the unauthorized exposure of tens of thousands of confidential customer records. The records were subsequently misused as part of an identity theft scheme. The customers sue the bank demanding restitution for lost funds and expenses incurred in clearing their identities. 
  • The bank is sued for lack of adequate security measures after confidential customer information was stolen from a dumpster of discarded account files.
  • A bank employee erroneously emailed portions of a customer database to an outside vendor.  The vendor used confidential information found in the database to solicit business for its Florida timeshares. The bank’s customers sue the bank for wrongful disclosure of private data.

Cyber Liability

  • Demands are made against the bank for loss of business opportunity due to the loss of customer account access while the bank’s online banking systems were disabled by a denial of service attack.
  • Demands are made against the bank for system damage incurred after a customer received a virus from the bank’s online banking platform.

Cyber Publishing and Social Networking

  • The bank unknowingly uses copyrighted art on its website. The American Society of Artists sues the bank for copyright infringement. 
  • A local resident sues the bank, alleging it published her picture on the bank’s Facebook page without her permission.

Regulatory Defense

  • After a data breach resulting in the exposure of confidential customer information, the bank’s regulators allege that the bank had inadequate security controls. The regulators formally charge the bank with regulatory violations.
  • The Office of the Comptroller of Currency took action against the bank for deceptively advertising free checking accounts. The agency found that the bank lured in customers with promises of “no strings attached” free checking, without disclosing key requirements.

Electronic Funds Transfer Liability

  • Funds from a customer account are wired to a third party based upon a fraudulent instruction initiated using the stolen login credentials of a bank employee. The customer demands restitution.
  • Funds from several customer accounts are wired overseas when hackers gain control of the bank’s systems. The customers sue the bank to recover the lost funds.

Privacy and Security Breach Response Expenses

A bank discovers that its online banking system has been breached over the course of three months. Thousands of customers had their confidential information stolen. The bank, on the advice of its data breach coach, hires a forensic investigator to determine the cause and extent of the breach, notifies the FBI and local authorities, notifies its customers, and provides all victims with credit and identity monitoring services.

Public Relations Expense

The bank’s mortgage loan officer's laptop is stolen. The laptop contains hundreds of borrower records, including nonpublic, personally identifiable information. The bank hires a PR firm to restore borrower confidence in the bank's ability to manage its security controls and customer data.

Cyber Extortion

A bank decides to not extend credit to a business customer. In retaliation, the customer announces he has access to the bank’s systems and threatens to shut down operations unless the bank transfers a large sum to its Cayman Island accounts. The bank receives reimbursement for monies surrendered to avoid the shutdown.

Business Interruption

A hacker shuts down the bank’s online banking platform. The website is down for 48 hours as programmers rewrite, test and elevate new code. In the interim, the bank extends hours at its branches to accommodate those who normally bank online in the evenings. The bank receives reimbursement for lost income and additional expenses incurred after the initial 24-hour downtime period.


Notwithstanding any language to the contrary, nothing contained herein constitutes nor is intended to constitute an offer, inducement, promise, or contract of any kind. All coverage descriptions and claims examples are provided for informational and educational purposes only and are not a representation as to coverage for any particular claim and are not represented to be error free. Coverage for any claim is determined upon the specific facts of the claim, the terms and conditions of the policy and applicable law. For details on the coverage provided by your specific contract of insurance, please refer to your policy. Coverage is subject to underwriting guidelines and may not be available in all states. Limits may be capped for underwriting reasons. Any links to any sites which are not originated by ABA Insurance Services Inc. (ABAIS) are provided only as a courtesy and are not intended to nor do they constitute an endorsement by ABAIS of the linked materials.