From the February 6, 2012 issue of National Underwriter Property & Casualty • Subscribe!

A Lawyer’s Advice for Evaluating Your Cyber Coverage

Policies vary significantly from carrier to carrier—and even within the various forms of one company

Policyholders and insureds exposed to cyber risks would be well served to analyze carefully their insurance policies to determine exactly which coverages apply to them—and to see if any critical coverages are missing.

Cyber Liability insurance should provide coverage for the vast majority of key cyber risks, and there may also be overlapping coverage under other policies for such exposures.

The first place that a company should look to determine whether it has, or may have, coverage for cyber risks is any specific Cyber Liability policies that the entity holds. A very close look at these policies is warranted, as the coverage under such policies often varies significantly from carrier to carrier—and even within the various forms that one particular insurance company offers.

Note that just because a policy is sold as a cyber-insurance policy, the insurance company will not automatically agree to cover or defend against potential liabilities for all cyber risks. Cyber-insurance policies are relatively new and not as regulated as more traditional insurance policies; the market for cyber coverage is referred to in some circles as the “Wild West” of insurance.

Cyber policies are often sold with various coverage modules, provisions and insuring agreements, allowing for companies to cherry-pick the specific coverages they want to purchase. Because of the variety of options offered in the marketplace and the potential to select specific risk protections, a careful review of the policy form before a claim arises is critical.

When reviewing Cyber Liability policies from the highest level, the buyer should determine whether there is coverage for so-called first-party risks and third-party risks (see above chart).

PRE-CLAIM APPROACH

Entities should consider closely whether their policies provide coverage for privacy breaches even before there has been a claim—to ensure that coverage exists for costs incurred immediately after the discovery of a data breach—including investigation and notification costs. (These costs may be referred to as “voluntary notification” costs among those in the industry, though they may not truly be “voluntary.”)

Certain cyber-insurance policies exclude coverage for costs relating to breaches of contract; so those entities handling data on behalf of contracting partners should consider how such an exclusion would affect the entity’s ability to handle a cyber incident that leads to breach-of-contract damages.

Although many non-cyber policies purport to exclude such damages, data-breach-based class actions often seek such damages. Entities should also consider whether there is coverage for any security audits that may be required by certain third parties, such as business partners.

As to first-party risks, the entity should consider protection for data loss or corruption; the inability to access data; and the inability to conduct business due to the inaccessibility of the various cloud-computing platforms on which the entity relies or provides to clients. The trigger for such coverage should not be limited to a “physical” cause of loss and should be broad enough to include cyber attacks, data breaches, hackings and other crime. 

 

Comments

Resource Center

View All »

Get $100 in leads with $0 down!

NetQuote's detailed, real-time leads have boosted sales for thousands of successful local agents across the...

The Growing Role of Excess & Surplus Lines in Today’s...

The excess and surplus market (E&S) provides coverage when standard insurance carriers cannot or will...

Increase Sales Conversion with this Complimentary White Paper

This whitepaper will share proven techniques - used by many of the industry's top producers...

D&O Policy Definitions: Don't Overlook These Critical Terms

Unlike other forms of insurance where standard policy language prevails, with D&O policies, even seemingly...

Environmental Risk: Lessons Learned from Willy Wonka and the Chocolate...

Whether it’s a chocolate factory or an industrial wastewater treatment facility, cleanup and impacts to...

More Data, Earlier: The Value of Incorporating Data and Analytics...

Incorporating more data earlier in claims lifecycles can help you reduce severity payments by 25%*...

How Many Of Your Clients Are At Risk Of Flood?

Every home is vulnerable to flooding. Learn four compelling reasons why discussing flood insurance with...

Gauging your Business Intelligence Analytics Capabilities and the Impact of...

Big Data, Data Lakes and Data Swamps, How to gauge your company's Big Data readiness....

Extending Contact Center Capabilities Across the Insurance Enterprise

Today advancements in technology are making a big impact on business and society. To yield...

Drug and Alcohol Testing Requirements

In this two-part series, NBIS Risk Management team will break down the requirements to assist...

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.