Help texts are categorized into first- and third-party financial and tangible impact quadrants.
Not all costs listed in the first-party financial impact quadrant are covered by insurance. Insurance typically covers third-party costs for those impact areas.
First-party Financial Quadrant
Impact
Help Text
Forensics Expenses
Expenses associated with the digital investigation to discover the entry points, compromise, data instances impacted, and other details of a cyber event. Often performed by a third party.
Incident Response Expenses
Expenses associated with containing or eradicating the impacts of a cyber event and continuing or restoring operations during and following the event. (Except for the cost of restoring data, which is entered separately.) This may include the restoration of software on endpoints and servers.
Cost of Notifications
Costs associated with notifying parties affected or potentially affected by a cyber event, particularly those whose personal information is affected by a data breach. Done either voluntarily or in compliance with a regulation.
Credit Monitoring Costs
Cost of providing services to monitor the credit profiles of parties affected or potentially affected by a data breach. These costs may vary widely by geography (for example, U.S. costs differ from both Canadian costs and European costs). This service is offered to all affected parties, but typically, only a percentage of them accept the offer. This is called the take rate.
Call Center Costs
The cost of expanding or outsourcing call center services to answer inquiries by parties affected or potentially affected by a data breach (typically customers). It may also apply to other cyber events in which a large number of customers are impacted, such as service outages.
Public Relations Expenses
The cost of assistance of public relations experts in public announcements, publicity, media response, and other public-facing communications related to a cyber event.
Cost of Restoring Data
Expenses and costs to identify lost or damaged data; to determine whether the data can be restored, recollected, or recreated; and to restore, recollect, or recreate the data, including restoring the data from backups or recreating the data from physical records.
Other Remediation Costs
Catchall for any other extra expenses that would be associated with remediating the event. However, it should not include any repair or replacement of hardware, machinery, or other tangible assets, which should be recorded as first-party tangible expenses.
Breach Coach
A breach coach is typically a third-party attorney skilled in responding to cyber events, especially related to regulatory requirements such as state filing and legal requirements such as chain of custody of forensic evidence.
Outsourced Legal Expenses
Outsourced legal advice for any other legal concerns or issues associated with an event, such as advice for SEC filings.
Regulatory Filings and Notifications
In a privacy breach, these are often included in the cost of a breach coach. Still, for non-privacy breach events, this category should be used for costs of any regulatory filings or notifications, such as to financial or energy regulators.
Lost Income from Your Network or Computer Outage
The projected earnings before interest, taxes, depreciation, and amortization that would fail to be earned as a result of the cyber event causing an outage of your network or computers, or of networks and computers managed by you, including those in cloud infrastructure.
First-party Tangible Quadrant
Impact
Help Text
Lost Income from Outsourced Network or Computer Outage
The projected earnings before interest, taxes, depreciation, and amortization that would fail to be earned as a result of a cyber event causing an outage of a network or computers, or of networks and computers, managed for you by a third party, including SaaS apps, internet service providers, and cloud infrastructure not managed by you.
Lost Income from Reputational Damage
The projected earnings before interest, taxes, depreciation, and amortization that would fail to be earned due to customers losing confidence in the company as a result of other impacts from a cyber event or the way the company handled the event.
Theft of Funds, Monies or Securities
Money stolen by cyber means, such as through wire transfer fraud or hacking of a cryptocurrency exchange.
Cyber Extortion Expenses
Payments to cyber criminals to halt or avoid an attack or to remediate damage the criminals caused in an attack, such as data encryption.
Value of Stolen Intellectual Property
Equivalent monetary loss, using some valuation method, of stolen IP such as financial data, designs, engineering data, and formulas.
Consequential Lost Income
Payments you must make in some form to a business partner or other supply chain entity as compensation for the loss of income they experience due to other impacts you suffer in a cyber event, such as an interruption in shipment of your products.
Restoration Expenses
Expenses and costs incurred by a third party to restore lost or damaged data or other intangible property due to a cyber event your organization experienced, which the third party seeks to recover from you.
Outsourced Legal Defense Costs
Fees charged by an outsourced attorney concerning any suit or regulatory action brought against you.
Other Legal Costs
All fees, costs, and expenses other than attorneys’ fees incurred in the defense or investigation in any suit or regulatory action brought against you.
Civil Fines and Penalties from Regulators
Fines or penalties imposed by a governmental agency and arising from a regulatory action (a request for information, civil investigative demand, or civil or administrative proceeding brought by or on behalf of a governmental agency or authorized data protection authority, such as HIPAA).
Civil Fines and Penalties Awarded by Courts
Any damages, judgments, settlements, and pre-judgment and post-judgment interest that your organization becomes obligated to pay as a result of a class action or other legal action, including monetary amounts your organization has agreed to by settlement to deposit into a consumer redress fund.
Criminal Fines and Penalties from Regulators
Fines and penalties levied by regulators such as the Federal Trade Commission due to any fraudulent, criminal, or malicious act, error or omission, or any intentional or knowing violation of the law in connection with a cyber event, such as violation of a consent decree.
Criminal Fines and Penalties Awarded by Courts
Fines and penalties awarded by courts against your organization due to any fraudulent, criminal, or malicious act, error, or omission, or any intentional or knowing violation of the law concerning a cyber event.
Shareholder Losses
Any damages, judgments, settlements, and pre-judgment and post-judgment interest your organization must pay due to shareholder class action suits related to cyber events, such as loss in the value of shares allegedly resulting from a cyber event.
Third-party Financial Quadrant
Impact
Help Text
Mechanical Breakdown of Your Equipment
The cost of repair or replacement to remediate the operational or structural failure of equipment due to the cyber event.
Physical Damage to Computing Equipment
The cost to repair or replace physical components of your computing equipment that are physically damaged due to the cyber event.
Firmware Damage to Your Computing Equipment
The cost to replace computing equipment, including electronic devices, components, or storage media, rendered useless for its intended purpose due to the introduction of malicious code that reprograms the equipment’s firmware.
Destruction or Damage to Your Facilities or Other Property
Direct physical loss of or damage to your buildings, structures, machinery and equipment, furniture and fixtures, or other property due to the cyber event.
Other Repairs to Your Property
Any other repair and replacement expenses or costs the organization incurs directly from the event that do not fit in any other repair and replacement categories.
Environmental Cleanup of Your Property
Expenses incurred to remove, dispose of, or clean up the actual presence of pollutants or contaminants from land or water on your property released due to a cyber event.
Lost Income from Physical Damage to Your Equipment or Facilities
The projected earnings before interest, taxes, depreciation, and amortization that would fail to be earned as a result of the cyber event causing physical damage to your equipment or facilities that results in necessary partial or total interruption of your business operations, services, or production.
Lost Income From Physical Damage to Dependent (Third-Party) Equipment or Facilities
The projected earnings before interest, taxes, depreciation, and amortization that would fail to be earned as a result of the cyber event causing physical damage to the equipment or facilities of a third party you depend on that results in necessary partial or total interruption of your business operations, services, or production.
Lost Income from Physical Damage to Utilities
The projected earnings before interest, taxes, depreciation, and amortization that would fail to be earned as a result of the cyber event causing physical damage to a utility you depend on that results in necessary partial or total interruption of your business operations, services, or production.
Other Lost Income from Physical Damage to Your Property
The projected earnings before interest, taxes, depreciation, and amortization that would fail to be earned as a result of the cyber event causing physical damage of any other type that results in necessary partial or total interruption of your business operations, services, or production.
Bodily Injury to Your Employees
Any cost or expense you incur due to physical injury, including sickness or disease, suffered by employees due to a cyber attack.
Third-party Tangible Quadrant
Impact
Help Text
Mechanical Breakdown of Others’ Equipment
The cost that a third party incurs for repair or replacement to remediate the operational or structural failure of their equipment due to a cyber event that you experienced and that the third party seeks to recover from you.
Physical Damage to Others’ Computing Equipment
The cost that a third party incurs to repair or replace physical components of their computing equipment that are physically damaged due to a cyber event that you experience and that the third party seeks to recover from you.
Firmware Damage to Others’ Computing Equipment
The cost that a third party incurs to replace their computing equipment, including electronic devices, components, or storage media, that is rendered useless for its intended purpose due to the introduction of malicious code that reprograms the firmware of the equipment as a result of a cyber event that you experience, and that the third party seeks to recover from you.
Destruction or Damage to Others’ Facilities or Other Property
The cost of direct physical loss of or damage to a third party’s buildings, structures, machinery and equipment, furniture and fixtures, or other property as a result of a cyber event that you experience, and that the third party seeks to recover from you.
Other Repairs to Others’ Property
Any other repair and replacement expenses or costs that a third party incurs as a direct result of a cyber event that you experience, that do not fit in any other repair and replacement categories, and that the third party seeks to recover from you.
Environmental Cleanup of Others’ Property
Expenses incurred by a third party to remove, dispose of, or clean up the actual presence of pollutants or contaminants from land or water on their property that were released due to a cyber event that you experienced, and that the third party seeks to recover from you.
Bodily Injury to Your Employees
Any cost or expense you incur due to physical injury, including sickness or disease, suffered by employees due to a cyber attack.
Product Liability Related to Tangible Damage or Bodily Injury
Liability you incur due to property damage or bodily injury suffered by a third party through a defect or malfunction of your product caused by a cyber event that you experience.
Product Recall Expenses
Expenses you incur to get back under your control a product that has become defective due to a cyber attack and that might cause property damage or bodily injury.