Back
Technology law
Understanding the Complexity of Today’s Cybersecurity Insurance

October 9, 2015

Understanding the Complexity of Today’s Cybersecurity Insurance
Berkshire Hathaway recently announced that it was getting into the cybersecurity insurance business, offering two new types of policies – cyber liability and breach response coverage. These policies cover everything from incident response expenses to regulatory fines to losses resulting from business disruption. The company views cybersecurity as a business necessity and believes companies have not done enough to insure themselves against the inevitable breach. Recent events and trends would suggest that Berkshire Hathaway’s position is correct. Breaches involving major brands and government agencies continue to make headlines on a regular basis, and demand for cybersecurity insurance is on the rise across all industries. In fact, according to BITS, the technology policy division of the Financial Services Roundtable, demand increased 21 percent in 2014. Cybersecurity insurance can provide valuable protection when a security breach occurs. However, many companies are confused about what their policies cover and don’t cover. Cybersecurity insurance has come a long way since companies first started buying errors and omissions (E&O) policies about 20 years ago to cover service issues and data loss caused by viruses and small-time hackers. Generally speaking, cybersecurity insurance covers the investigation, notification and remediation of a breach, as well as crisis management and resulting lawsuits. While cybersecurity insurance still covers E&O-related claims, it has expanded over the years to include media liability, network security and privacy liability. Media liability covers lawsuits stemming from information or services provided through a company website, advertising or other electronic means. This can include libel, slander, or infringement of intellectual property, copyrights and trademarks. The network security component applies to the costs of downtime and compromised company or customer data caused by a breach. The privacy coverage doesn’t necessarily have to involve a data breach. For example, a breach can be caused by a lost device, wrongful collection of data, and other human and technical errors. Network security and privacy liability often cover both first-party costs and third-party liabilities. It is important to realize that cybersecurity insurance does not absolve an organization of carefully planning to prevent and effectively respond to a breach. Insurance is simply a form of risk management in which a portion of the financial risk is shifted to the insurance company. Certain costs will be covered, but the organization still has to deal with the fallout of the breach. Have all affected parties been notified? How have your customers and business relationships been impacted? Assuming data has been backed up, how will that data be recovered? How long will it take to resume normal business operations? Cybersecurity insurance policies do not answer these questions. There are number of factors to consider and questions to ask when buying cybersecurity insurance. Organizations must understand the costs of a breach, such as downtime and incident response, determine what costs and what types of incidents need to be covered, and ensure that the coverage is adequate. This may require flexibility on the part of the insurance carrier. All insurance policies have thresholds, exclusions, definitions and other fine print. These policies must be read carefully to ensure that the language or wording does not create a loophole that might void the coverage or enable an insurance provider to deny a claim. Don’t make the mistake of simply buying a cookie-cutter cybersecurity insurance policy from the first insurance representative you meet, and then dismissing the issue of cybersecurity by saying, “We have insurance for that.” The costs are far too great to take lightly. Organizations can minimize risk by having their policies reviewed by an attorney who has experience in business, technology and data breach law.  
Daniel D. Whitehouse, Esq. -

Follow Us

Related insights

How Florida’s CADRA Law Provides a Remedy for Insider Threats

March 18, 2016

The risk of a data breach has never been higher as sophisticated criminals have the expertise, organization and financial backing […]
View

Written Contracts for All Contractors. Period.

January 28, 2016

Suppose you decide to partner with an app development firm to create a mobile app for your company. You have […]
View

Wearables and mHealth: A Privacy Crisis Waiting to Happen?

December 21, 2015

Wearable technology usage has increased 500 percent during the past three years. Researchers from MarketsandMarkets expect this explosive growth to […]
View
Let’s protect your business. Schedule a consultation to get started.

Let’s protect your business. Schedule a consultation to get started.

"*" indicates required fields

Name*
This field is for validation purposes and should be left unchanged.

What to expect:

  1. Use the form to schedule a consultation.
  2. You’ll talk with a real attorney about your business and needs and how we can help. Then, you’ll get an initial estimate.
  3. If you like what you hear, you’ll get an engagement letter and pay the deposit.
  4. We’ll get started protecting your business.
Let’s protect your business. Schedule a consultation to get started.

Let’s protect your business. Schedule a consultation to get started.

"*" indicates required fields

Name*
This field is for validation purposes and should be left unchanged.

What to expect:

  1. Use the form to schedule a consultation.
  2. You’ll talk with a real attorney about your business and needs and how we can help. Then, you’ll get an initial estimate.
  3. If you like what you hear, you’ll get an engagement letter and pay the deposit.
  4. We’ll get started protecting your business.