Endorsements

Data breach coverage in admitted P&C products

Coverage intent

Data breach coverage addresses costs or liability tied to unauthorized access, disclosure, loss, or compromise of protected information.

Coverage impact

Data breach wording affects cyber, businessowners, and package products because notification, credit monitoring, forensic, defense, and regulatory response costs can be covered or limited in different ways.

Where this language appears

Matching form records, product lines, state activity, and recent examples for this coverage language.

Matching form records

Recent records

Product submissions

Companies

Sample form language

A representative form excerpt for this topic, with the form number and edition date shown the way insurance teams usually identify versions.

Selected form

Businessowners Healthcare Professionals Cyber Liability and Data Breach Endorsement (Claims-Made and Reported)

Form #: BOP 80 01 10 24

The Medical Protective Company

Businessowners

TX | Jun 21, 2026

This businessowners endorsement adds claims-made cyber liability and data breach coverages with reporting and retention conditions.

Enterprise security event and privacy injury insuring agreement

A. The following Cyber Liability and Data Breach Coverages are added:

INSURING AGREEMENT - CLAIMS-MADE LIABILITY COVERAGES

1. Enterprise Security Event And Privacy Injury Liability Coverage

We will pay those "damages" within the applicable Limits of Insurance, and in excess of any applicable retention, that the "insured" becomes legally obligated to pay because of an "enterprise security event or privacy injury claim" or a "PCI-DSS claim", provided that:

a. such "claim" is first made against the "insured" during the policy period or any applicable extended reporting period and is reported to the "company" in accordance with section I.3. Reporting of Claims and Events;
b. the "enterprise security event" or "privacy injury", as applicable, giving rise to the "claim" is reported to the "company" in accordance with section I.3. Reporting of Claims and Events; and
c. as of the "first inception date", no "control group insured" had given notice to any insurer of a related claim or circumstance.

Selected excerpt from this form.

Notable language points

  1. 01Adds cyber liability and data breach coverage to a businessowners form.
  2. 02Uses claims-made and reported mechanics with policy-period and extended-reporting-period conditions.
  3. 03Ties payment to damages above retention for enterprise security, privacy injury, or PCI-DSS claims.

Related insurance form pages

Related coverage topics