The policy defines unauthorized computer access as access to the insured's computer system, central processing unit, input/output terminals or data storage systems by someone not intended to have such access. The policy first covers legal liability, including personal injury, in suits or claims arising from an unauthorized access. Secondly, the policy covers direct-loss expenses such as the cost of recovering and restoring a system to the operating conditions prior to access. Extra expenses incurred to continue business operations, such as renting computer time from a service firm, are also covered. Some areas are excluded from coverage to prevent overlaps in a company's insurance portfolio. Limits of liability are currently $10 million, but this may increase. Premium rates vary with the business and risk. The premium could range from $10,000 to high six figures. Due to the ground-breaking nature of the policy and the magnitude of possible risks and variations in corporate security, each policy is tailored to and underwritten for each company. The policy application is used to establish the premium for each insured by evaluating security techniques and debiting and crediting a base rate for each weakness and strength in the overall system security. After initial questions on business and budgetary operations, the application delves into physical security, hardware and software security, backup and storage capabilities, disaster recovery, and an overview of security administration, including the security budget. The policy is compared to the coverage of Lloyd's of London's computer crime insurance.