Cybersecurity Client Alert – May 2016
Should You Consider Cyber Liability Insurance?
The short answer is yes, and not just consider it but purchase it. Cyber liability insurance should be a part of your insurance portfolio. On a rare occasion, your general liability policy may cover a cyber related incident, but with the recent decision in Fourth Circuit that an insurer was required to defend the insured for a civil suit related to the disclosure of confidential patient information, insurers are likely to be scrambling to close that loophole. In that particular case, coverage was triggered when the insured became obligated to pay damages because of injury resulting from the “electronic publication of material” that discloses information about a person’s private life. The policy did not define “publication” and the Fourth Circuit placed the burden on the insurer to use language clear enough to avoid ambiguity if there are particular types of coverage it does not want to provide.
Cyber crimes are always evolving and changing. Insurers admittedly do not necessarily know what they are insuring against. In addition, the history of cyber crimes is relatively short and insurers do not have significant amounts of statistical data that has been aggregated to analyze trends in crimes and claims. So, cyber policies can be very different across various insurance companies.
Policies can also vary based on the size of your company. Small and middle market companies may find the process of obtaining a cyber policy relatively painless, but that is not necessarily the case for large companies. Those large companies may have to undergo a due diligence process where the insurer gathers information about the company’s types of data, relationships with vendors, and privacy and security policies and procedures. As a result, the coverage available to small and middle market companies may vary significantly from that available to large companies.
When it comes to the coverage itself, it is equally as important to understand what the policy excludes as it is to understand what the policy covers. When obtaining a cyber policy, you should take a deep dive into your business to fully understand the types of data you maintain, create, transmit, receive and store, your relationships with third party vendors, and the internal privacy and security measures that you have in place.
The contents of this publication are intended for general information only and should not be construed as legal advice or a legal opinion on specific facts and circumstances. Copyright 2019.