Purpose
The Breach-Notification Coverage Position letter confirms the insurer's coverage stance on first-party breach-response costs and third-party liability while the insured moves at statutory breach-notification speed.
When to Send
Send promptly after first notice of loss (FNOL) of a security incident — typically within 24 to 72 hours — once the insurer has confirmed the policy is triggered but before panel vendors incur significant cost or the insured issues state breach notifications.
Required Components
1. Incident Facts
Identify the claim ({{claim_number}}), the incident date ({{date_of_loss}}), the insured ({{insured_name}}), and the nature of the incident (ransomware, BEC, unauthorized access, data exfiltration, etc.).
2. Policy Trigger & Retention
Cite the policy ({{policy_number}}) insuring agreement(s) triggered (incident response, business interruption, privacy liability, regulatory defense) and confirm the applicable retention and any waiting period for network-interruption coverage.
3. Panel Counsel & Approved Vendors
Assign or confirm panel breach counsel and approved forensics, notification, and PR vendors. Make clear that costs for non-panel vendors require pre-approval and may be reimbursed only at panel-vendor rates, if at all.
4. Sanctions / OFAC & Ransom Position
If ransomware or extortion is involved, state that any ransom payment requires the insurer's written consent and must clear OFAC sanctions screening; reference the current OFAC advisory on ransomware payments.
5. Breach-Notification Timing
Acknowledge the shortest applicable state breach-notification deadline (e.g., 30, 45, or 60 days after discovery) and coordinate on the notification template, call-center scripts, and credit-monitoring offer.
6. Reservation of Rights
Reserve rights on exclusions commonly invoked in cyber claims: war / hostile act, prior acts, unencrypted-device, failure-to-patch, and contractual liability. State that the coverage position is preliminary and subject to continuing investigation.
Jurisdiction Notes
Universal
Breach-notification deadlines, harm thresholds, AG-notice requirements, and credit-monitoring mandates vary by state. Panel counsel tracks the full 50-state matrix; this letter should not be used as a substitute for that analysis.
Adjuster Guidance
- Engage panel counsel before vendors invoice.
- Document consent for each vendor assignment and scope of work.
- Do not authorize ransom discussions without OFAC clearance and written
- Re-issue or supplement this letter as the factual picture evolves;