From the February 6, 2012 issue of National Underwriter Property & Casualty • Subscribe!

A Lawyer’s Advice for Evaluating Your Cyber Coverage

Policies vary significantly from carrier to carrier—and even within the various forms of one company

Policyholders and insureds exposed to cyber risks would be well served to analyze carefully their insurance policies to determine exactly which coverages apply to them—and to see if any critical coverages are missing.

Cyber Liability insurance should provide coverage for the vast majority of key cyber risks, and there may also be overlapping coverage under other policies for such exposures.

The first place that a company should look to determine whether it has, or may have, coverage for cyber risks is any specific Cyber Liability policies that the entity holds. A very close look at these policies is warranted, as the coverage under such policies often varies significantly from carrier to carrier—and even within the various forms that one particular insurance company offers.

Note that just because a policy is sold as a cyber-insurance policy, the insurance company will not automatically agree to cover or defend against potential liabilities for all cyber risks. Cyber-insurance policies are relatively new and not as regulated as more traditional insurance policies; the market for cyber coverage is referred to in some circles as the “Wild West” of insurance.

Cyber policies are often sold with various coverage modules, provisions and insuring agreements, allowing for companies to cherry-pick the specific coverages they want to purchase. Because of the variety of options offered in the marketplace and the potential to select specific risk protections, a careful review of the policy form before a claim arises is critical.

When reviewing Cyber Liability policies from the highest level, the buyer should determine whether there is coverage for so-called first-party risks and third-party risks (see above chart).

PRE-CLAIM APPROACH

Entities should consider closely whether their policies provide coverage for privacy breaches even before there has been a claim—to ensure that coverage exists for costs incurred immediately after the discovery of a data breach—including investigation and notification costs. (These costs may be referred to as “voluntary notification” costs among those in the industry, though they may not truly be “voluntary.”)

Certain cyber-insurance policies exclude coverage for costs relating to breaches of contract; so those entities handling data on behalf of contracting partners should consider how such an exclusion would affect the entity’s ability to handle a cyber incident that leads to breach-of-contract damages.

Although many non-cyber policies purport to exclude such damages, data-breach-based class actions often seek such damages. Entities should also consider whether there is coverage for any security audits that may be required by certain third parties, such as business partners.

As to first-party risks, the entity should consider protection for data loss or corruption; the inability to access data; and the inability to conduct business due to the inaccessibility of the various cloud-computing platforms on which the entity relies or provides to clients. The trigger for such coverage should not be limited to a “physical” cause of loss and should be broad enough to include cyber attacks, data breaches, hackings and other crime. 

 

Comments

Resource Center

View All »

Complimentary Case Study: Helping achieve your financial goals By:...

Find out how a Special Investigation Union used TLOxp to save the company money and...

Do Your Clients Hold The Right CDL License?

Learn about the various classes of CDL Licenses and the industries that are impacted by...

Integrated Content & Communications: A Key Business Issue For Insurers

Insurers are renewing their focus on top line growth, and many are learning that growth...

High Risk Insurance Coverage in the E&S Market

Experts discuss market conditions, trends and projected growth in a rapidly changing niche.

Top E-Signature Security Requirements

This white paper covers the most important security features to look for when evaluating e-signatures...

EPLI Programs Crafted Just For Your Clients

Bring us your restaurant clients, associations and other groups and we’ll help you win more...

Is It Time To Step Up And Own An Agency?

Download this eBook for insight on how to determine if owning an agency is right...

Claims - The Good The Bad And The Ugly

Fraudulent claims cost the industry and the public thousands of dollars in losses. This article...

Leveraging BI for Improved Claims Performance and Results

If claims organizations do not avail themselves of the latest business intelligence (BI) tools, they...

Top 10 Legal Requirements for E-Signatures in Insurance

Want to make sure you’ve covered all your bases when adopting e-signatures? Learn how to...

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.