Does Your Cyber Policy Exclude Viruses (Self Propagating Code)
This may come as a surprise, but not all cyber policies provide coverage for self propagating code such as viruses, trojans or malware. While most policies today do provide coverage for such claims, some carriers' forms still contain exclusions, particularly older forms and more basic policy endorsements. This exclusion can generally be located in one of two areas. The first, and most obvious section is within the policy exclusions itself, which will exclude coverage for: “a named virus as recognized by CERT” or ”based upon, arising out of or attributed to a virus as recognized by a government agency”. The second area is within the definition of "data" , “malicious code”, or equivalent definition. When intending to carve out coverage for viruses, this clause will contain wording, defining malicious code as “unauthorized software code…..but not including self propagating code such as viruses or malware”. When performing a policy comparison be sure to include this in your review and understand the coverage implications it could pose. Potential solutions include attempting to carve back coverage through negotiating policy verbiage or locating an alternative carrier.