150 questions · 180 min · 70% to pass
Question 1
What is double extortion ransomware, and how does it expand the scope of losses that cyber coverage must address?
Answer: Double extortion ransomware involves attackers both encrypting the victim's data and threatening to publicly release it unless a ransom is paid; this expands covered losses to include both the extortion payment to restore access and potential notification costs, regulatory liability, and reputational harm from the threatened data publication.
Question 2
Why might a technology company need both cyber liability insurance and technology errors and omissions coverage?
Answer: A technology company needs both because cyber liability covers claims arising from security failures like data breaches, while technology E&O covers claims that the company's software or services failed to perform as promised, addressing two distinct categories of professional risk that often occur together.
Question 3
What is media liability coverage in the context of a cyber insurance policy?
Answer: Media liability coverage within a cyber policy protects the insured against claims arising from online content, such as defamation, copyright infringement, invasion of privacy, and disparagement published on the insured's website or through digital communications, covering defense costs and damages.
Question 4
What does a DDoS attack do to a target's systems?
Answer: Floods them with traffic to make them unavailable
Question 5
What role does a cyber insurer's breach coach play in managing notification costs following a data breach?
Answer: A breach coach is an attorney provided or approved by the insurer who guides the insured through the legal requirements of breach notification, helps determine which individuals and regulators must be notified, and coordinates the response team to ensure compliance while minimizing costs and legal exposure.
Question 6
What does legal counsel do during a cyber incident response?
Answer: Advises on notification and regulatory obligations
Question 7
What is a sublimit in a cyber insurance policy, and why do notification costs often have one?
Answer: A sublimit is a maximum amount the insurer will pay for a specific coverage component within the overall policy limit; notification costs often have sublimits because large-scale breaches affecting millions of individuals can generate staggering notification expenses, and insurers cap this exposure separately from other covered costs.
Question 8
Which federal rule requires healthcare entities to notify patients and HHS after a data breach?
Answer: HIPAA Breach Notification Rule
Question 9
What is the 'prior known events' exclusion in a cyber policy, and why is it included?
Answer: The prior known events exclusion bars coverage for breaches or cyber incidents that the insured was aware of before the policy's effective date or before applying for coverage, preventing adverse selection where a company purchases insurance knowing it already has an unreported breach in progress.
Question 10
What does HIPAA stand for?
Answer: Health Insurance Portability and Accountability Act