I was rushing to send the final proofs. I didn’t realize my own laptop had been infected with a dormant trojan. When I attached the PDF, the virus hitched a ride. The client opened it, and it locked their entire internal network with ransomware. They are losing $10,000 an hour and blaming me for the “cyber attack.”
Key Takeaways
- E&O is not Cyber: Standard Professional Liability covers bad advice. It does not cover transmitting a virus. You need Cyber Liability Insurance.
- Third-Party Cyber Coverage: You need the portion of Cyber insurance that covers “Third Party Liability” (damages to others), not just “First Party” (fixing your own laptop).
- Negligence: Did you have antivirus software? If you were running an unprotected machine, the carrier might deny you for “failure to maintain minimum security standards.”
- Forensics costs: Proving it came from you and not someone else requires expensive forensic IT analysis. Insurance pays for this.
The “Why”: The Electronic Data Exclusion
The Trap: Almost every General Liability and standard E&O policy has an “Electronic Data” exclusion. It says they will not pay for the “loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data.”
Since your file bricked their server, this is exactly what happened. Without a standalone Cyber Policy or a robust Cyber Endorsement, you are uninsured for this disaster.
The Investigation: I Quoted 3 Major Carriers
1. Coalition
- My Analysis: The best in the biz for this. They run an external scan of your domain before quoting. Their “Third Party Network Security Liability” covers exactly this scenario: you transmitting malware to a client.
2. Boxx Insurance
- My Analysis: Very freelancer-friendly. They simplify the language. They cover “Digital Media Liability” and transmission of viruses.
3. Hiscox (Bundled)
- My Analysis: You can add Cyber to a Hiscox E&O policy. It’s a “Cyber Endorsement.” It’s usually good enough for freelancers ($1M limit), but check if it covers “Ransomware payments” for third parties.
[IMAGE: Diagram showing the flow of malware from Designer to Client and the insurance trigger points]
Comparison Table: Malware Transmission
| Carrier | Third-Party Cyber? | Forensics Included? | Cost | Best For… |
| Coalition | Yes (High Limits) | Yes | | Tech-Savvy |
| Boxx | Yes | Yes | $ | Remote Workers |
| Std E&O | NO | No | N/A | Nobody in 2026 |
Step-by-Step Action Plan
- Disconnect: Pull your machine offline immediately to stop the spread.
- Call the Cyber Hotline: If you have Cyber insurance, they have a 24/7 breach response number. Do not email them (your email is compromised). Call them.
- Notify Client IT: Tell them immediately “I suspect the file was infected.” Speed mitigates damages.
- Do NOT pay the Ransom: Let the insurance professionals handle the negotiation.
FAQ
My antivirus was on. Am I still liable?
Yes, but you weren’t “grossly negligent,” which helps your insurance coverage apply.
Does this cover the client’s lost business?
Yes. Third-Party Cyber Liability covers the “Business Interruption” costs the client suffers because of your virus.
Is this expensive?
Cyber insurance for a freelancer is usually
500−500−
900/year. Considering the risk, it’s essential.