What does the policy pay you after an incident?
First-party coverage is the part of a cyber policy that pays your own business for the cost of responding to and recovering from an event. It is what shows up first.
Ready for terms? Get a quote. Want to find the gaps first? Compare your coverage.
What first-party coverage pays for
First-party cyber coverage pays your business directly for the costs of responding to and recovering from an incident. It is the part of the policy that shows up the day something goes wrong, before anyone has sued you.
The core pieces are breach response and forensics to find out what happened, notification and credit monitoring where required, legal guidance through the response, data restoration to rebuild systems and information, and coverage for devices rendered unusable, sometimes called bricking.
Why the response bill is the real exposure
Owners tend to picture the ransom or the lawsuit. In practice, the forensics, legal, and notification work of a real breach response is the cost that arrives first and grows fastest. A dedicated response team also shortens the incident, which reduces every other cost.
This is why the size of the first-party limit matters more than it looks. A small endorsement can be exhausted by the response alone, before restoration or lost income is even addressed.
Coverages that are easy to overlook
A few first-party coverages are worth confirming rather than assuming:
- System restoration and data recovery, the cost to rebuild what was damaged or lost.
- Bricking, replacing hardware that an attack rendered permanently inoperable.
- Cryptojacking and fraudulent use of your systems' computing resources.
- Reputational harm support after a public incident, where offered.
First-party cyber coverage, answered.
What is first-party cyber coverage?
What is bricking coverage?
Isn't the response covered by my BOP endorsement?
Make sure your response limit is sized for a real incident.
Tell us how your business runs and we will check whether the first-party limits would actually carry you through a breach response.