home about privacy contact us

Data Risk Liability Insurance & Breach Response Remedies (for Organizations)

Provided by: Identity Fraud, Inc. / Underwritten by AIG

Identity Fraud, Inc. (IFI) and AIG and GoAgents, combine to provide cyber protection online, via a simple, automated platform that delivers valuable risk management tools and insurance coverages, instantly. Limits are available up to $1MM with retentions up to $2,500.

Get a Quote

Cover Your Business

Every business is at risk of having a data breach on multiple fronts — negligence, a rogue employee, stolen equipment, or perhaps a malicious hack or extortion. Incorporating proactive defenses is certainly essential to mitigate risks, but there are no guarantees a loss will not occur. With any breach, the future of the business could be in jeopardy due to extensive recovery and reimbursement costs, damage to its reputation as well as liability, fines or penalties.

The cyber liability insurance program provided by Identity Fraud, Inc. (IFI) and insured by AIG delivers the industry’s leading data theft risk management and insurance solution for small organizations. It incorporates important proactive prevention tools along with liability insurance and breach response remedies. When a loss does occur, access to IFI’s Incident Response On-Demand™ helps ensure that an effective breach response strategy and solution can be orchestrated and launched in 24-hours.

You have the option to select from two different program types to address data risks, namely:

1. Core Cyber™ - With a focus on data breach liability insurance for cyber/privacy risks, this program couples best in class data security practices with insurance and breach remedies to cover costs associated with data theft or loss, and to help make sure your business recovers from a data breach incident. You can purchase directly online.

2. SB Core Protector® - IFI’s flagship product combines the above Core Cyber program benefits together with organizational or business identity protection, including the nation’s first and only stand-alone admitted business identity insurance policy. You can purchase directly online.

Both programs are considered optimal based on combining proactive prevention tools together with insurance and response remedies that truly help you prevent, prepare for and respond to data breach related risks.

The above programs are available to nearly every business type in the USA, provided the business has i) annual sales (gross receipts) less than $10MM per year and ii) 50 or fewer full time (FTE) employees.

Program Details

Core Cyber™
Core Cyber uses a three (3) step approach to ensure that every company with protection has the optimal tools necessary to help prevent and survive a data breach incident.

Prevent. The most common sense approach to a data breach risk is to try to avoid them altogether. As a client having Core Cyber, your organization receives tools that can proactively reduce the exposure that your business faces daily. It includes technology downloads and educational modules to help you and your staff become familiar with safe practices in an ever expanding technological world.
Based on your program selection, tools include:

  • Mobile device security app
  • Computer vulnerability scans (internal assessments)
  • Online training modules for employee education,
  • Information security and technology risk assessments and ISO policy templates
  • Keystroke encryption software (downloadable)

Quite uniquely, the above tools help to reduce other program related costs, resulting in an overall optimized and affordable program that is less expensive than lesser alternatives.

Prepare. The largest and most heavily invested in data security can fall victim to data breaches. And, we know from our own Ponemon Research studies that smaller organizations are much less prepared. Because the risks are significant and the losses so very easy to incur, most insurance professionals now realize that having cyber insurance is just as just as important as property and standard liability coverages (and that it further reduces agency E&O risks). Because we live in a world based on information and data, the time has come for every business organization to secure data risk insurance.

In summary, Core Cyber provides:
Liability Insurance - Core Cyber includes A rated insurance from AIG covering any event that has resulted in, or could reasonably result in, the fraudulent use of private information
  • Loss or theft of personal and/or business data — both electronic and paper
  • Failure to disclose/notify affected parties per breach notification laws
  • Regulatory fines and penalties
  • Payment Card Industry/Data Security Standard fines and penalties (up to a $250,000 sublimit)
  • Internet media liability, including copyright infringement, plagiarism, theft of ideas, invasion of privacy, defamation, slander, negligent infliction of emotional distress and more
  • Other related court judgments and settlements

Limits: Available limits range from $50,000 to $1,000,000 per annual term.
Retention: $1,000 for limits below $500,000; or for limits at or above $500,000, the retention is $2,500.

Breach Response Covered Expenses – Core Cyber provides separate benefits to address other data breach response obligations and exposures. These data breach response remedies include covered expenses for the following categories:
  • e-Business network interruption
  • Loss of business income
  • Reconstruction of data
  • Cyber extortion
  • Forensic investigation/audits
  • Crisis management
  • Legal consultation
  • Public relations
  • Notifications/mailings
  • Remedies for identity theft education and assistance
  • Victim cost reimbursement insurance
  • Credit file or identity monitoring

Covered expenses amounts are 50% of the data risk liability limit, up to a maximum of $250,000. A $1,000 retention applies.

Employee Identity Fraud Protection (Automatic) - If you any of your full-time employees become individual victims of identity fraud or identity theft, they receive coverage for:
  • Reasonable legal fees for defense, removal of judgments and contesting of incomplete or inaccurate records
  • Lost wages while taking time off work to resolve an incident, up to $2,000
  • Other expenses, such as communications with institutions, credit card monitoring and personal records monitoring
  • Assistance with responding to the fraud or theft
The annual limit per employee is $15,000. There is no deductible. There is no enrollment necessary.

Respond. In the event that a data breach does occur, Core Cyber helps ensure that a full and speedy recovery takes place with our Incident Response On-Demand™ providing around-the-clock access to experts who will assist you with:
  • Incident analysis to determine if a data breach occurred and if sensitive data was lost
  • Triage and strategic planning of the response
  • Notification of the data breach to those whose information was compromised in the breach. This includes assistance in creation of the notification, address verification and mailing services.
  • Victim resolution services, such as a telephone hotline to answer questions and concerns
  • Consumer identity protection, such as credit monitoring

SB Core Protector®

This second, more robust, program level adds Business Identity Protection and insurance to the Core Cyber program. The program helps you promptly learn of potential business identity fraud through:
  • Business credit monitoring and alerts
  • Business Cyber Monitoring™, which scans the Internet, chat rooms, bulletin boards and other online sources, searching for your organization’s identifying information
  • Unlimited access to your organization’s credit profile and scores

The A rated insurance covers:
  • Professional fees
  • Defense of lawsuits or criminal allegations
  • Removal of any fraudulent civil or criminal judgments
  • Contesting the inaccuracy or incompleteness of any information or records containing your business information
  • Lost wages while taking off work to resolve an incident
  • Other allowable miscellaneous costs, such as travel, client communications and business records monitoring
  • Educational white papers
Business identity fraud insurance features a $50,000 annual limit, with an annual deductible of $100.


Please Note: This web page provides summary details only. Coverages are written on a Claims Made basis and certain terms, limitations and exclusions apply. Not all coverage may be available in all states. Certain property-casualty coverages may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds. Please read each policy carefully and ask your insurance agent or broker for any questions. Liability coverage is provided pursuant to an active membership in a Risk Purchasing Group as managed by Identity Fraud, Inc. and separately, per the terms of the Identity Fraud, Inc. Customer Agreement.

More Information

For detailed information, download these pdfs:
Core Cyber
SB Core Protector

Think cyber crime can't happen to you? Think again!

Data breach at an assisted living facility
The United States Secret Service identified a potential HIPAA breach that may have compromised data for 100 residents. As a result, an experienced team of dedicated cyber claims specialists quickly engaged a breach coach and a forensic investigator. Knowledgeable partners helped ensure the incident was properly handled and reported to the state regulatory agencies.

An employee's laptop — stolen
An employee’s laptop containing members’ private financial information was stolen from his home. As a result, members sued the organization for damages resulting from alleged failure to protect their private financial information.

A malware data breach
An organizations computer system was compromised when a third party sent a malware program via email to a number of employees. The invasive software allowed the third party to access the system and capture the names, addresses and credit card numbers of more than 500 guests.

Theft by an employee
A school secretary stole a donor’s credit card information, resulting in a forensic investigation, a lawsuit and a Payment Card Industry (PCI) fine. The total cost of investigation, fine and settlement approached $50,000.

A costly mistake / violation
A staff member at an assisted living facility commented on a resident’s health matter on a social media site. The HIPAA violation and resulting legal expenses exceeded $250,000.

An online bookstore hacked
An online bookstore had its transaction processing system hacked. Thieves collected credit card data over the course of one year. When the Secret Service detected the incident, they notified the retailer’s management. A payment card related company issued thousands of dollars of PCI-related contractual fines and penalties to the payment processor who, in turn, contractually passed the obligation on to the bookstore.

Extortion made to professional firm A small professional services firm clicked on a malicious email link that allowed a hacker to install a crypto-locker malware tool on the firm’s computers and that encrypted all of the firm’s data files rendering them unavailable. An extortion demand of $15,000 was incurred to release the data from the hackers grip.

*The above are modified examples taken from real cases