Insurance comes with its own language. This glossary simplifies terminology specific to professional and management liability. No insurance jargon here, just plain English that we can all wrap our heads around.
Aggregate Limit in an insurance policy refers to the maximum amount that the insurer will pay to the insured for all covered losses under the policy. You can think of an aggregate limit as a ceiling: once the ceiling is reached, the insurance company will stop paying. The ceiling may be reached in one or more claims.
See also Limit, Sublimit.
All Risks refers to a type of insurance policy that covers loss from any cause as long as it is not explicitly stated as excluded in the policy wordings – in contrast to a ‘Named Perils’ policy.
Arbitration is a mechanism for resolving a dispute outside the court system in which, with the agreement of the parties, an impartial arbitrator hears evidence and hands down an enforceable decision.
Artificial Intelligence (AI) is the science focused on developing computer systems capable of performing tasks that normally require human intelligence such as speech recognition and decision making.
See also: deepfake, machine learning.
The Balance Sheet shows a company’s Assets, Liabilities and Shareholders’ Equity as of a particular date. In other words, it shows what the company owns, owes, and is worth, at a particular point in time. Also known as the Statement of Financial Position.
See also: retained earnings
Black Swan Event refers to a highly impactful, rare and unexpected event.
A Blockchain is a digital ledger of transactional records. Encrypted transaction records are compiled into encrypted blocks which are added to the chain which is duplicated and distributed across a network of computers. There is no single point of control and all transactions are visible to all participants.
Learn more under cryptocurrency.
Botnet refers to a set of internet connected devices, such as computers, smart phones and smart devices, that are running automatic software applications. Typically Botnets are infected with Malware to perform a Distributed Denial of Service Attack. They can also be used for their combined processing power to launch other attacks, such as a Credential Stuffing Attack. The word botnet comes from bot meaning robot and net meaning network.
Breach of confidence is when a person shares information that they were supposed to keep secret. In order to make a breach of confidence claim, the complainant must prove that the information was confidential and they communicated it as such, and that it’s unauthorized use by the other party caused injury to the complainant.
Bring Your Own Device (BYOD) refers to the trend towards employees using their own devices at work and for work and on their employer-owned network. To combat the resulting increase in cyber risk, employers need to put BYOD security policies in place and educate employees on their role in cyber security. See multi-factor authentication, virtual private network.
Brute Force Hacking is when an attacker tries to guess passwords or usernames by trying different words or combinations of words. Brute force attacks are run systematically checking potential passwords or phrases until the right one is guessed. It’s an attack by trial and error! A commonly used tool is a dictionary. The attacker will try to guess words combined with a special character or number, until they guess correctly. When passwords are weak, the attacker can be successful in seconds. More complex or longer passwords may take months or even years to crack. See credential stuffing.
Business Email Compromise (BEC) refers to an email scam targeting companies that send wire transfers to suppliers. BEC criminals use phishing, spear phishing and social engineering to trick employees into assisting with fraudulent wire transfers.
See more under Phishing, Spear Phishing and Social Engineering Fraud.
Business Interruption refers to the insured’s loss of income as a result of an interruption in operations due to property damage to the insured’s business.
See more under contingent or dependent business interruption.
Business Interruption Insurance refers to insurance that covers the insured’s loss of income as a result of an interruption in operations due to direct property damage to the insured’s business.
See also: business interruption and restoration period.
Carve Back refers to an exception to an insurance policy exclusion. Because it makes the exclusion not apply in specific situations, a carve back benefits the insured. For example, an exception to the insured vs. insured exclusion in a D&O Liability insurance policy to allow for derivative demands.
Insurance uses the term ‘Claim’ in the following ways:
Read an article: What is a claims adjuster?
Claims Made refers to a policy condition under which claims that meet the policy definition of a claim will be considered for coverage if they are made against the insured during the policy period.
Read this article to learn more.
See also Claims Made and Reported and Occurrence Basis.
Claims Made and Reported refers to a policy condition under which claims that meet the policy definition of claim will be considered for coverage if they are both made against the insured and reported to the insurer within the policy period.
Watch a video.
See also Claims Made and Occurrence Basis.
Clickjacking, also known as a User Interface redress attack, is a scam in which the criminal manipulates a website interface by adding hidden layers to trick a user into clicking on an invisible button or link and in doing so, downloading malware or doing some other unintended action.
See more under Malware.
Cloud Computing is when the software and hardware you use are not located on your desktop or your company’s network, but rather, accessed via internet as a service. If you use Hotmail, Yahoo email or Gmail for your personal email, you’ve been using the cloud to send and store emails. Many businesses use cloud computing because it’s a service that is managed by someone else taking the burden off their plate. These services are often provided through a subscription model, “pay as you go”, making service easily scalable.
Common types of cloud computing include:
Combined ratio uses the relationship between the total amount of earned premiums and the total amount of incurred losses and expenses over a given period of time to measure the profitability and financial health of an insurance company. There is an inverse relationship between the combined ratio and the company’s profitability. A combined ratio that is below 100 percent, shows that the company is making profit.
Combined Ratio = ((Incurred Losses + Expenses) / Earned Premium)*100
OR
Combined Ratio = Underwriting Loss Ratio + Expense Ratio
Read this article to learn more.
Commercial crime insurance is a type of property insurance that covers the loss that a commercial organization suffers from damage to, or destruction or disappearance of, its own property as a direct result of crime; such as theft, fraud or embezzlement. See also: employee dishonesty coverage, fidelity coverage, financial institution bond.
Read an article: Commercial Crime Insurance Explained
Commercial General Liability Insurance is an insurance policy that protects commercial entities against financial loss arising from claims alleging bodily injury and property damage. CGL is an occurrence-based insurance.
Commercial property insurance covers the loss that a commercial organization suffers from damage to, or destruction of, its own tangible property as a result of perils such as fire and flood. Available in All Risks or Named Perils policies.
See more under all risks, named perils.
Consent to Settle, also called the ‘Hammer clause’ refers to a policy condition that requires the insurer to seek the insured’s approval prior to reaching a settlement and stipulates the consequences of the insured not consenting to settle.
See Hammer Clause.
Consequential Loss is a loss suffered as a consequence of, but not a direct result of, the event i.e., a crime. Also called an indirect loss. An example of consequential loss would be lost income after a fire shuts down a business.
See also: loss.
Contingent or Dependent Business Interruption refers to the insured’s loss of income as a result of an interruption in service from a third-party service provider. Businesses depend on third-party service providers such as vendors and suppliers to make an income. A simple example of depending on a third party is the credit card processing done by a third party for an online store. If the credit card processor goes down, the business will not be able to collect revenue.
Watch a video on Contingent Business Interruption
See also: Business Interruption Insurance
Continuity Date or ‘first policy inception date’, is the earliest date of the insured’s continuous insurance coverage. This date can be many years prior to the current policy inception date as long as there has been no gap in coverage, i.e., no time in which the insured was without insurance coverage. See: insurance policy.
Contractual Liability refers to a legal obligation assumed under contract.
Cookies are small pieces of data sent by a website that you visit to your web browser (the software that you use to access the World Wide Web). The cookies are stored on your computer. The next time you visit that site it can ‘remember’ you by accessing the original cookie. Cookies help websites remember useful information like when you last visited, items in an online shopping cart, log in details, or previously entered information like name, address, etc. Problems arise when there are system vulnerabilities and hackers can read cookie’s data. Third-party tracking cookies can be used to record your browsing history, which is a privacy concern.
Credential Stuffing is a type of cyberattack where the attacker takes massive lists of usernames (typically email addresses) and passwords, and then tries to “stuff” them into different websites to gain access. They typically obtain the massive lists of passwords from data breaches. Unlike brute force attacks, attackers are not guessing passwords. They simply automate the process to attempt thousands or millions of logins using different automation tools. Attackers can be very successful using this approach because users often use one password for several logins and rarely change them. See multi-factor authentication.
Cryptocurrency is a digital only currency based on blockchain technology. It has no physical form such as tangible coins or paper bills. You can use it to buy goods and services or as an investment. There are many different kinds of cryptocurrency such as Bitcoin, Ethereum, Lirecoin and Cardano.
See more under Blockchain, Cryptocurrency mining, and Cryptojacking.
Cryptocurrency mining or Cryptomining is the process of validating cryptocurrency transactions and adding them to the blockchain ledger. Due to complex encryption of transactions and blocks, significant computing power is required for the process. Miners earn the block’s coin (cryptocurrency) as payment for their work.
See more under blockchain, cryptocurrency, cryptojacking.
Cryptojacking, also referred to as malicious cryptomining, is the process of using malware to steal computer processing power from victims’ devices for the purpose of cryptomining.
See more under Cryptocurrency mining.
Cyber Extortion is when a hacker holds data, computer systems, applications, or a website hostage until the business pays a ransom demand or is able to remove the intruder. Common threats include the threat to:
Cyber extortion is typically executed in the form of ransomware (a type of malicious software) or a denial of service attack.
See more under Extortion Threat Coverage.
Cyber Insurance is an insurance policy that’s intent is to cover the loss a company experiences due to a privacy or a network security breach. Due to cyber being a relatively new coverage, there is very little consistency in the insurance market as to what is covered by a cyber policy. Coverage, definitions and terminology vary from insurance company to insurance company. This is one of the challenges of today’s cyber market.
Learn more: take the course!
Data Corruption refers to electronic information that becomes unreadable, unusable or inoperable. This can be caused by human error; however it can also be caused by malware. Data restoration may be covered by a cyber policy depending on what caused the data corruption. Some policies even cover data re-creation. Data restoration and data re-creation are not the same thing.
Data re-creation refers to the recreation of electronic data from non-electronic sources following a cyber incident. Details of the definition vary by policy so it’s important to review wordings carefully to determine what is or is not covered. Not to be confused with data recovery.
See: data corruption.
Data recovery refers to the recovery of electronic data from electronic sources following a cyber incident. Details of the definition vary by policy so it’s important to review wordings carefully to determine what is or is not covered. Not to be confused with data re-creation.
A deductible is the amount that the insurer deducts from the total loss amount before paying out a claim to the insured. See Retention.
Deep Linking refers to the use of a hyperlink on one website to link to specific content on another site, rather than to that site’s homepage, but rather a page like this one. There have been lawsuits involving complaints about improper deep linking to content that is copyrighted, again such as this page! This is what is referred to as improper deep linking.
Deepfake refers to artificial intelligence (AI) generated synthetic media – super realistic videos, images or recordings of people doing or saying things they actually didn’t. Deepfake media is created by mapping the likeness of one person (i.e., a celebrity) onto that of another. It is often used maliciously.
See more under Artificial Intelligence.
A Denial of Service Attack is a type of attack against a computer system or website. It usually involves flooding the site with traffic or attacking a specific vulnerability resulting in a slowed or unavailable system or resource or restricted access. Not all Denial of Service Attacks are malignant. Cyber insurance policies may or may not cover a denial of service attack, and if coverage is granted, the definition of what constitutes a denial of service attack varies.
Also read about: Distributed Denial of Service attack.
A Derivative Demand refers to a demand made by one or more members or shareholders to bring a lawsuit or other action against the management or board on behalf of the organization alleging a wrongful act resulting in damage to the organization.
Read more here.
Directors’ and Officers’ Liability Insurance (D&O) protects directors and officers from incurring personal loss as a result of claims brought against them in the course of their regular duties managing the organization. D&O insurance can be viewed as Management Errors & Omissions insurance. See also: outside director liability coverage, not-for-profit directors and officers liability insurance.
Learn more: take the course!
Discovery Period is a time period following policy expiry during which the insured may discover and report claim loss it incurred during the policy period. A discovery period is a feature of a claims-made policy and is commonly 30 or 60 days in length.
A Distributed Denial of Service Attack is like a DoS attack on steroids! The difference is that the incoming traffic flooding the target originates from multiple sources, not just one. A successful Distributed Denial of Service attack can cripple an organization for an extended period of time and, due to its complexity is far more complex to resolve than a Denial of Service Attack. See botnet, credential stuffing attack.
Drive-by Download refers to the unintended downloading software from the Internet. It could mean clicking on a link, then authorizing the download without understanding what was really downloaded to your computer. It could also mean unknowingly downloading a virus or spyware. Drive-by Downloads can occur though emails and when visiting websites, clicking unknown links including pop-up windows. The risk is that the malicious content downloaded then exploits vulnerabilities in the victim’s computer system and be able to run code without the victim’s knowledge.
Duty of Care refers to the legal obligation to perform one’s role with diligence and to the best of your ability as would be reasonably expected for that role.
See more under Fiduciary Duty and Duty to Manage.
Learn more in the course Directors and Officers Liability Insurance 101
Duty of Loyalty is a legal duty of directors and officers requiring that they act honestly and in good faith in the best interest of the organization ensuring no conflict of interest between corporate obligation and personal issues. Also called Fiduciary Duty.
Duty to Defend is the obligation to provide a legal defence against a claim made against the insured once the claim has been reported to the insurer.
Duty to Manage refers to the legal obligation of Directors and Officers to manage, or supervise the management of the business and affairs of the organization.
See more under Fiduciary Duty and Duty of Care.
Duty to Obey refers to the legal obligation of Directors and Officers of not-for-profit organizations to follow the relevant laws, regulations, the bylaws of the organization and any unanimous member agreement.
Learn more about this in the course: Not-for-profit Directors and Officers Liability Insurance.
Employee Dishonesty Coverage is insurance protection found within a commercial crime insurance policy that
Employee dishonesty coverage is also referred to as ‘Employee Theft Coverage’ or ‘Fidelity Coverage’, depending on the insurance company.
To learn more read: What is Employee Dishonesty Coverage?
Watch a video lesson on that nature of employee crime.
Employment Practice refers to all actions, processes and procedures related to the work environment starting with the hiring process, through ongoing employment, to termination and even post-employment. External factors have an impact on employment practices. For example, the shift to remote working brings with it numerous employment practice challenges, especially when employees are based in multiple jurisdictions.
See Wrongful Employment Practice, Employment Practices Liability Insurance (EPLI)
Employment Practices Liability Insurance is an insurance policy that protects employers against financial loss arising from claims alleging employment related wrongdoings. Employment Practices Liability Insurance is also known as EPLI. EPLI policies are typically offered as claims made, named peril, insurance contracts. EPLI covers injury-causing employment practices perils such as discrimination, harassment, wrongful dismissal and retaliation. Financial losses can include defence costs, damages or settlement; however the most frequent loss incurred is defence costs. See Wrongful Employment Practices.
Learn more: take the course!
Encryption is the act of turning information that you and I can read, into code. The idea is that only the person with the key to decipher the code will be able to read the code. Encryption is used to protect confidential information.
End of Life (EOL) refers to products or software that are no longer supported or under warranty. If there are no updates, fixes or support for the software, it will eventually become a minefield of security weaknesses. Windows XP and Windows Server 2003 are great examples of EOL products which are now more vulnerable to security threats.
Entity Coverage, a.k.a. Side C, refers to the insuring agreement in a Directors and Officers Liability Insurance policy that protects the balance sheet of an insured organization by covering loss resulting from claims brought against the organization (rather than against directors/officers). This coverage may or may not apply to securities claims.
See more under Indemnifiable Loss and Non-indemnifiable Loss.
Errors and Omissions Insurance protects the insured party from loss as a result of third-party claims arising from actual or alleged error or omission in performance of professional duties.
See also: Professional Liability Insurance, Fiduciary Liability Insurance, Technology Errors & Omissions Insurance
Exclusion is a policy provision that excludes specific items, events, hazards, from coverage by the insurance policy. Reviewing the exclusions section of a policy wording is critical to understanding the extent and limitations of a policy’s coverage. See also: carve back.
Exemplary Damages are damages in excess of compensation that are awarded specifically to make an example of the defendant.
See: Punitive Damages
Exposure in insurance refers to:
Extended Reporting Period (ERP) is an optional coverage extension for a claims-made policy that gives the insured an additional period of time within which to report claims to the insurer arising from prior wrongful acts. It is also referred to as Tail Coverage or Run off.
Learn more: watch a video
Also see: discover period
Extension is the term used to refer to an insuring agreement purchased to expand the coverage of a policy.
Extortion Threat Coverage provides coverage for ransom demanded by an extortionist who holds applications or data hostage or threatens an attack. Not all cyber policies include this coverage. If coverage is provided, check if the policy will pay a ransom demand in bitcoin or other cryptocurrency.
See more under Cyber Extortion.
False Light is an invasion of privacy tort where the plaintive is portrayed publicly in a false or misleading light; the information portrayed is offensive and embarrassing to a reasonable person.
Fidelity is faithfulness to another as shown through loyalty. In insurance the term is used to describe the relationship between employee and employer.
Fidelity Coverage refers to the employee theft or employee dishonesty insuring agreement in a commercial crime insurance policy. The term ‘fidelity’ references the expectation of a loyal relationship between employee and employer.
A fiduciary is a person who holds the legal or ethical duty to act in the best interest of another (a.k.a. fiduciary duty) such as a financial trustee or legal counsel.
Fiduciary Duty is a legal duty requiring that one act honestly and in good faith in the best interest of another ensuring there is no conflict of interest between their obligation and personal issues. Also called Duty of Loyalty.
See more under Fiduciary, Duty to Manage and Duty of Care.
Fiduciary Liability Insurance is a type of Errors and Omissions insurance protecting an employee benefit program’s administrators and sponsors against claims of mismanagement.
See also: liability insurance.
A Financial Institution Bond is a type of crime insurance policy specific to financial institutions.
Firewall refers to a network security system used to monitor and control the exchange of information between computer systems and external networks, including the Internet. The firewall follows a set of predefined security rules to block out viruses and other malicious malware. See hacking.
First-Party Cyber Coverage is found in a Cyber Insurance policy. It covers loss directly incurred by the insured organization due to a privacy or network security breach. Examples of first-party cyber loss that may be covered include: lost income due to business interruption and expenses incurred to mitigate a cyber risk, hire a cyber breach coach or notify affected parties are all.
See more under Cyber Insurance.
Force Majeure refers to unforeseeable or uncontrollable circumstances (such as war or an extreme weather event) that prevent a contract from being fulfilled. An insurance policy definition of force majeure may or may not be limited to Acts of God (i.e., floods, blizzards, earthquakes, hurricanes…).
Governance refers to the rules, processes and procedures that an organization has in place to guide action and ensure accountability, transparency, and ethical and legal management.
Watch a video lesson: Understanding Governance
Hacking is the act of using computer or networking skills to solve a technical problem; the act of identifying and exploiting security weaknesses to gain unauthorized access to a computer, computer system or other digital device.
Hammer Clause, also called ‘Consent to settle’ stipulates the conditions through which a claim settlement can be reached and the consequences of the insured not consenting to settle.
See Consent to Settle.
Watch a video that shows how the Hammer clause works.
Indemnifiable loss, a.k.a. Side B, refers to the insuring agreement in a Directors and Officers Liability Insurance policy that protects the balance sheet of the organization by reimbursing the organization for those defence and damages costs of directors and officers which the organization indemnifies.
See more under Indemnification, Non-indemnifiable loss and Entity Coverage
Indemnification is the action of indemnifying i.e. of reimbursing or compensating, a party for loss suffered.
Watch a video on the Indemnification process.
Indirect loss is a loss suffered as a consequence of, but not a direct result of, the event i.e., a crime. Also called: Consequential Loss
An insurance policy is a legal contract between the insurer and the party being insured, the policyholder, under which the insurer agrees to pay claims. The policy spells out what kinds of claims the insurer will pay and how much and under what conditions. The policy also states the responsibilities of both parties. See also: continuity date, extension, limit, package policy.
Read an article: Occurrence vs claims made policies explained.
Insuring Agreement is a clause in an insurance contract that specifies what is covered. It is what grants coverage. In D&O Insurance, for example, there is relative consistency in the market with most policies having a Side A, Side B, and Side C structure. When it comes to Cyber Insurance however, you’ll find anywhere from one to twelve different insuring agreements in a policy, making policies hard to compare. These clauses should be read carefully. You’ll want to look at how the agreements are worded as triggers. In other words, understand what the terms and conditions are under which coverage will be granted.
Intellectual Property Liability is the liability to third parties for the alleged use of their protected intellectual property. Examples of protected intellectual property can include industrial property such as trademarks and trade dress (product appearance/ packaging). It also includes copyright such as artistic license for books, music or computer code.
See more under Liability.
Intrusion Upon Seclusion is an invasion of privacy tort. It refers to when someone physically or otherwise intrudes another person’s privacy or seclusion.
Invasion of Right of Publicity refers to the unauthorized use of someone’s name, likeness or other recognizable aspects for commercial purposes.
Keylogger refers to a piece of software or hardware that records the keys hit on a keyboard. This is usually done without the user knowing their key strokes are being recorded.
See malware.
Liability in insurance is the legal obligation to do something such as to compensate another party for costs or injury.
Examples: contractual liability, intellectual property liability, media liability, privacy liability, tort, vicarious liability.
See also: liability insurance.
Liability Insurance covers loss incurred due to legal liability.
See: commercial general liability insurance, directors and officers liability insurance, employment practices liability insurance, fiduciary liability insurance, miscellaneous professional liability insurance, professional liability insurance, third-party liability insurance.
Libel is written defamation.
See more under Defamation.
A limit in an insurance policy refers to the maximum amount that the insurer will pay to the insured for losses under the policy.
See also Aggregate Limit, Sublimit.
Loss, in insurance is the financial damage suffered due to an insurable event. Under the terms of a policy, the insured needs to incur a loss in order to have a claim for damages. See also: Consequential Loss.
Loss Discovered refers to a policy condition under which only claims discovered and reported to the insurer during the policy period will be considered for coverage, regardless of when the wrongful act occurred. See also: Loss Sustained.
Loss Prevention refers to activities conducted for the purpose of mitigating risk such as implementing processes and procedures, or upgrading a physical security system.
Loss ratio uses the relationship between total premiums earned and actual losses incurred over a given period of time to measure the profitability of an insurance company. Also called,”underwriting loss ratio.”
Loss ratio = ((insurance claims paid + loss adjustment expenses)/Premium earned) x 100
Read this article to learn more.
Loss Sustained refers to a policy condition under which only covers claims that were sustained during the policy period will be considered for coverage, regardless of when the loss is discovered or reported. See also: Loss Discovered.
Machine Learning is when a computer is programmed to use statistics to find patterns in large amounts of data and to then apply those patterns. The effect is that the more data the computer processes, the more it ‘learns’, no human intervention required. A common application is the generation of recommendations by search engines, social media and streaming services like Netflix and Spotify.
See more under Artificial Intelligence.
Malware, or malicious software, is a blanket term for code created by attackers with the intent to gain access or cause damage to a computer system. Viruses, ransomware, and trojan horses are all examples of types of malware.
See also: keylogger.
Manifest Intent in commercial crime insurance is the obvious intention to commit a crime, to cause the loss and to gain from the crime.
Media Liability refers to the liability risk that may arise from creating and disseminating content such as on a company’s website or social media pages. The risk for companies also applies to printed form and publications such as magazines and brochures. A media liability policy is available in the insurance marketplace as a stand-alone policy and limited coverage for online activities may also be found in some cyber insurance policies.
See also: deep linking, troll, product disparagement.
Miscellaneous professional liability (MPL) insurance is a form of professional liability insurance. It is intended to protect the insured from financial loss as a result of third-party claims arising from advice or service provided by the professional. Coverage typically extends to negligence, inaccurate advice and misrepresentation. An MPL policy is for those individuals and organizations that provide professional services for whom a custom professional liability policy does not exist.
Moral Hazard occurs when a situation incents risky behaving by limiting or removing the cost of the risk. Insurance policies are written to guard against moral hazard. Learn more in the course on Employment Practices Liability Insurance (EPLI).
Multi-factor Authentication requires a user to present more than one distinct authentication factor (password, verification code, etc.) for successful authentication.
Named Perils is a type of insurance policy that covers only loss incurred as a result of the perils that are specifically listed (named) in the policy wordings – in contrast to an All Risks policy.
See more under All Risks.
Network Security Breach refers to unauthorized access to computer systems. Often third parties will identify and exploit a vulnerability in an insured’s computer system leading to the transmission of malware, unauthorized access or denial of service attacks. One common vulnerability in all companies is humans. See BYOD, multi-factor authentication.
Network Security Liability is the liability to third parties for damage arising from a network security breach. For example, if a failure in an insured’s security resulted in a virus making its way onto the insured’s system, and from there it replicated through their contacts’ systems, the insured may be sued by clients, vendors, and suppliers who’s own systems were damaged by the virus.
Non-indemnifiable loss, a.k.a. Side A, refers to the insuring agreement in a Directors and Officers Liability Insurance policy that protects the assets of directors and officers in the case of a claim against them when the organization is unable or not allowed to indemnify them, e.g. in the case of insolvency or when not legally allowed.
See more under Indemnification, Indemnifiable loss and Entity Coverage.
A not-for-profit is an organization that is established for a specific purpose, a collective or social benefit, and does not pay profits, gain, or benefit to its members. For example, charities, cooperative associations, condominium or strata corporations. Also referred to as a ‘nonprofit’.
See: Not-for-profit Directors and Officers Liability Insurance.
Not-for-profit Directors and Officers Liability Insurance, also called non-profit D&O insurance, protects directors and officers of not-for-profit organizations from incurring personal loss as a result of claims brought against them in the course of their regular duties of managing or overseeing the management of the organization. See: directors and officer liability insurance.
Take the course.
Occurrence Basis is a policy condition under which claims that meet the policy definition of a claim, will only be considered for coverage if the event that gave rise to a claim, a.k.a., the occurrence, happened during the policy period. These policies are said to have ‘long-tail liability’ because the claims can be reported at any time, even long after the policy period has ended. Commercial General Liability (CGL) insurance is an example of an occurrence-based insurance.
See also Claims Made and Claims Made and Reported.
Outside Director Liability coverage provides coverage for insured persons on a Directors and Officers Liability Insurance policy who serve as directors, officers, or trustees of outside organizations at the direction of the insured organization.
See Directors and Officers Liability Insurance.
Package Policy is a bundle of insurance products within a single policy, typically designed for a specific market segment i.e., small business. See insurance policy.
Patch refers to a piece of software code that applies changes to a computer program after the program is installed, to improve performance or fix bugs, thus removing vulnerabilities. If the patch is not done properly it can bring down systems or disable them. Patch management is an important part of any application lifecycle management. See hacking and zero-day vulnerability.
PCI-DSS or ‘Payment Card Industry Data Security Standard’ is a security standard for organizations that handle credit cards. This is also known as the PCI Standard.
Peril means danger or risk. For example, a property peril could be the fire that burned down the house.
See more under Named Perils.
Personally Identifiable Information (PII) is information that could be reasonably linked or associated with, directly or indirectly, a consumer or household. What constitutes PII data varies by region as different privacy laws govern different regions and each has its own definition. Typically it is information that could allow someone accessing it to identify, locate or contact an individual. It’s important to keep in mind that a regulator may define PII differently from how an insurance policy defines it. The insurance definition may be broader, more restrictive, or may piggyback off of the regulatory definition. Always read the definition of PII in a policy wording carefully as this is a space that continues to evolve.
Learn more, read the article: Privacy legislation and cyber insurance.
Phishing is the use of carefully crafted emails to get the victim to click a link and release information. These emails seem authentic and convey urgency, tricking the victim into taking immediate action. See also: Smishing, Vishing, Spear Phishing.
Premium, in insurance, refers to the fee charged by the insurance company in exchange for carrying the risk as specified in the insurance policy contract.
Prior Acts Exclusion is a policy condition under which a claim is not covered if the event, the wrongful act, that gave rise to the claim occurred prior to the policy inception date or the ‘prior acts exclusion date.’
Prior or Pending Litigation is a policy condition under which any litigation that is in process or that the insured has been notified of, or is aware of prior to the policy inception date or the ‘prior/pending date’, will not be covered by the policy.
A Privacy Breach is access to private information without permission. This can be from unintentional or intentional disclosure (someone sending out a client list with names and addresses), employee error, lost device (for example losing a flash drive or laptop computer storing private information) or a hacking event where a third party obtains access to private information.
See also: breach of confidence.
Privacy Liability refers to the insured’s liability to third parties for damage arising from unauthorized access to their private and confidential information. It is typically associated with a privacy breach, or access to or disclosure of private information without permission.
See also: intrusion upon seclusion, invasion of right of publicity.
Pro-rata Cancellation is a way of determining the refund amount that an insured will receive if their insurance policy is cancelled before the expiry date. The Pro-rata cancellation calculation is based on the remaining length of the policy. Check the policy Terms and Conditions to see if Pro-rata Cancellation applies.
See also Short Rate Cancellation.
Read an article: Pro-rata vs short-rate cancellation.
Professional Liability Insurance protects professionals from financial loss as a result of third party claims arising from advice or service provided by the professional. Coverage typically extends to negligence, inaccurate advice and misrepresentation. Eg. A lawyer forgets to file paperwork for purchase of property leading to their client losing out on a deal. The client sues for damages. Also referred to as Errors and Omissions (E&O) Insurance or Professional Indemnity Insurance.
See also Liability and Miscellaneous Professional Liability Insurance.
Proof of Loss is a formal submission to the insurer of documented facts that prove a direct loss from crime.
See: commercial crime insurance
Punitive Damages are damages in excess of compensation that are awarded specifically to punish the defendant.
See: Exemplary Damages.
Quorum is a legally required minimum number of voting members who need to be in attendance at a meeting in order for decisions to be made. For example, the BC Strata Property Act required quorum for an Annual General Meeting is 1/3 of votes.
Ransomware is a type of malware designed to either encrypt files or block access to critical applications or programs until money is paid by the computer system owner. Many policies will cover ransomware as a peril however the extent of the coverage varies. Read more about ransomware here.
Regulatory Coverage is an insuring agreement found in policies that address data breaches such as Cyber, and Tech E&O. In the event of a privacy data breach, it covers costs, fines and penalties imposed by regulators. Costs can include legal and investigative costs if privacy laws were compromised and if legal assistance is required to determine causation and understand whether regulations and protocols were followed. Fines and penalties are covered in jurisdictions that allow such coverage.
Reservation of Rights refers to a letter issued by an insurance company in response to a claim to limit their liability by reserving the right to investigate the claim and deny coverage if the claim does not qualify for coverage.
A Reservation of Rights letter may be standard procedure for some insurance companies. It may also be issued if coverage is in doubt, for example, if
A Reservation of Rights letter is not the same as a Denial of Coverage letter.
Restoration Period (or period of restoration) on a cyber policy refers to the time between the moment the network security event happens and the moment when the insured’s income is back to a “normal level”. Normal meaning whatever the income would have been without the network security event. Restoration Periods varies greatly and a longer period may be negotiated for additional premium.
See also: business interruption.
Retained Earnings is the portion of profits that a company has held back, rather than paid to shareholders as dividends. To find this number in a company’s financial statements, look under Shareholder’s Equity on the Balance Sheet.
Companies retain earnings for working capital, to pay bills, maintain, upgrade or buy assets or to pay off debt. Retained earnings can be negative due to accumulated losses. This can be a red flag for D&O underwriters as it means that the company will be dependent on debt or equity to fund operations.
A retention is the amount of an insurable loss that the insured needs to absorb or pay before the insurance policy will begin to pay out. It is the amount of risk that the insured retains. See deductible.
Retroactive Date is the earliest loss date covered by the insurance policy.
Retroactive Date is a provision found in some claims-made policies that excludes coverage for claims arising from wrongful acts that occurred prior to that date. The retroactive date is often the same as the first policy inception date. See more under Claims-Made.
Risk Exposure refers to the total value at risk.
See Exposure.
Robin Hood Fraud refers to an act of fraud in which the criminal doesn’t enrich themselves but rather gives the proceeds away.
Short-Rate Cancellation is a way of determining the refund amount that an insured will receive if they cancel their insurance policy before the expiry date. Short-rate cancellation calculation includes a penalty as a disincentive for early cancellation. Check the policy Terms and Conditions to see if Short-Rate Cancellation applies.
See also Pro-Rata Cancellation.
Read an article: Pro-rata vs short-rate cancellation.
Slander is spoken defamation.
See more under Defamation.
Smishing is the use of text messages to entice the victim to click on a link and enter confidential information. Similar to emails used in phishing, these text messages tend to convey urgency and feel personalized.
See also: Phishing, Spearing Phishing, Vishing.
Social Engineering Fraud (SEF) refers to the use of psychology to manipulate someone into following instructions to share confidential information or send money. See also: business email compromise.
Read an article on social engineering fraud.
Social Engineering Fraud Coverage provides cover in the event that an employee falls victim to a social engineering scam. It is an endorsement that may be added to a cyber or a crime insurance policy.
See also Social Engineering Fraud.
Spear Phishing is a form of phishing which involves sending carefully crafted emails, personalized for a specific individual, the target, to get the victim to reveal confidential information.
See more under Phishing.
Sublimit on an insurance policy refers to the maximum amount that the insurer will pay to the insured for a specific category of loss under the policy.
See also Limit, Aggregate Limit.
Subrogation is a policy condition that gives the insurer the right to pursue a third party to recover losses up to the amount that has been paid out to the insured.
Technology E&O Insurance is an Errors & Omissions Insurance policy that covers providers of technology products or services against financial loss resulting from a claim against them for actual or alleged errors, omissions or negligent acts related to the use of their technology products and services. This can include damages arising from claims related to network security vulnerabilities and cyberattacks, along with expenses incurred to mitigate these situations.
Eg. An IT organization assists a business in migrating their data from one system to another. During the migration important data is lost. The IT organization never made back-ups. The client sues for damages.
Learn more – take the course!
Third-party Employment Practices Liability Insurance (EPLI) intends to cover claims against the insured brought by an external third party such as a vendor or client. Such claims are often class action suits with substantial potential losses. Third-party EPLI generally only covers discrimination and harassment and is sold as a separate insuring agreement.
Learn more, take the course on Employment Practices Liability Insurance.
Third-party Liability Insurance refers to insurance designed to cover loss incurred by the insured as a result of its legal liability to a third party; that is, its legal obligation to compensate an external party for loss, injury or damages. Also called third-party insurance.
See: liability, liability insurance
Tort refers to a civil wrong that causes damage, such as negligence, for which there is legal liability. Tort does not include breach of contract. False light and intrusion upon seclusion are invasion of privacy tort examples
See also professional liability insurance, miscellaneous professional liability insurance
A Trojan Horse, as the name implies, is a type of malware that gets downloaded because it’s disguised as a legitimate program. The user might think they’re downloading a version of Adobe, but in fact it is malware disguised as Adobe. Usually it causes its damage once a user runs the program.
Troll refers to a person who posts disruptive content on the Internet. A troll may harass, criticize or post inflammatory, irrelevant or off-topic comments on online communities. Their intent is to provoke an emotional response for the troll’s amusement or another specific gain. Their action is known as trolling.
Underwriters are employed by insurance companies to assess the risk of insuring people and assets. They are responsible for determining a premium (revenue for the insurance company) based on the risk exposure (potential loss) to the insurance company after a thorough assessment of the risk. Insurance companies look for bright, business-minded, analytical individuals with strong interpersonal and commercial skills to become underwriters.
See also Premium and Risk Exposure.
Underwriting in insurance refers to the process of assessing and pricing an insurable risk.
Learn more, read the article.
Vicarious liability is when one party holds responsibility for the actions of another due to the relationship between the two parties. For example, a corporation may be held vicariously liable for the acts of its employees. Some insurance policies offer vicarious liability coverage options, e.g., subcontractor vicarious liability coverage under a miscellaneous professional liability policy.
A Virtual Private Network (VPN) is technology that provides for a secure, encrypted connection over an existing network such as the public Internet.
Virus refers to a type of malware that hides within legitimate programs, and has the ability to self-replicate and infiltrate other programs and files. Like a non-computer virus, a computer virus’ goal is to replicate and spread itself as much as possible. A forensic investigator may be hired to determine the extent of damage caused by virus. This is an example of a first-party coverage that you want to look for in a Cyber Insurance policy.
Wage and Hour refers to any action that violates wage and hour regulations such as paying employees less than minimum wage.
Learn more, take the course Employment Practices Liability Insurance.
Waiting Period, as referred to in an insurance policy, is the time following an event that has to pass before coverage kicks in. You can think of it as a type of risk retention – a certain number of hours the insured has to absorb before coverage is triggered. As with a financial retention, there is a cost associated with a waiting period. Depending on the risk, the insurer might be open to negotiating the duration of the waiting period.
“Working Capital is the amount of money that a company has available to pay short-term obligations. Working Capital = Current Assets – Current Liabilities”
A Wrongful Act is the specific event that triggers insurance policy coverage. Check policy wordings for to see how it is defined for the specific policy.
Wrongful Employment Practice refers to those practices that do not align with the legal requirements made of employers. Also referred to as an ‘injury-causing employment practice’, examples include such as discrimination, defamation, and sexual harassment.
See Employment Practice, Employment Practices Liability Insurance.
Zero-day vulnerability refers to a software vulnerability that is not yet known by the software vendor or developer. Until it is known and a patch implemented, the vulnerability can be exploited by hackers. Day Zero is the day the software vendor or developer finds out about the vulnerability.
