1. Coverage should apply even if the security breach is committed by an employee. Watch out for language such as, “…committed by a party other than an insured….”
2. Coverage should be universal, for acts committed and claims brought anywhere. Watch out for language such as, “…acts committed and claims brought in the U.S.…” and “…acts committed anywhere but only for claims brought in the U.S.…”
3. Coverage should apply for the named insured even if the insured outsources some of its functions. Watch out for language such as, “…your computer systems under your control….”
4. Coverage should respond to multiple allegations. Watch out for modular or coverage part policies where the coverages are mutually exclusive and contain exclusions for the other coverage parts.
5. Invasion of privacy coverage should apply to services as well as content. Watch out for language such as, “…invasion of privacy… in your content (material or matter)….”