Which of the following is NOT typically included as coverage under a cyber insurance policy for first-party losses?

Cyber insurance policies are designed to address specific risks associated with cyber incidents, particularly first-party losses that directly affect the insured organization. First-party losses refer to the costs incurred by the policyholder themselves as a direct result of a cyber event.

Public relations expenses, replacement or restoration of electronic data, and extortion threats such as ransom payments are all examples of first-party losses. These coverages address the immediate financial impact an organization might experience following a cyber incident, such as data breaches or ransomware attacks. For instance, public relations expenses help manage reputation damage while recovery efforts focus on restoring lost or compromised data.

On the other hand, third-party liability generally pertains to claims made against an organization by other parties (like customers or third-party vendors) due to data breaches or other cyber-related incidents. This type of coverage does not fall under first-party losses because it involves legal liabilities arising from the organization's actions affecting others, rather than the organization's own incurred costs. Therefore, it is correctly identified as not typically included in the first-party coverage of a cyber insurance policy.