Skip to Content
On This Page

regulatory defense and penalties coverage

Regulatory defense and penalties coverage refers to an insuring agreement contained within policies written to cover claims caused by data breaches.

Additional Information


Such policies are most often termed "cyber and privacy insurance," "information security and privacy insurance," or "cyber-security insurance." This insuring agreement covers the costs of dealing with state and federal regulatory agencies (which oversee data breach laws and regulations), including (1) the costs of hiring attorneys to consult with regulators during investigations and (2) the payment of regulatory fines and penalties that are levied against the insured (as a result of the breach). Regulatory defense and penalties coverage is one of the rare types of insurance that affirmatively covers fines and penalties. (Most types of insurance exclude these items because covering fines and penalties is usually considered contrary to public policy.) Since data breaches typically involve customers residing in multiple states and because each state has its own unique set of laws and rules, regulatory defense and penalties coverage is especially valuable, given the need for insureds to deal with multiple sets of regulators. Similar to other cyber and privacy insurance policies, regulatory defense and penalties coverage is subject to an annual aggregate limit and an annual aggregate deductible.

Related Terms