“According to a recent study by Lloyd’s of London, cyber-risk — both malicious attacks and nonmalicious ones — is approaching the top 10 of risks threatening businesses worldwide. In the U.S., malicious attacks were ranked in the top five. Last year, hackers succeeded in attacking government networks in the U.S., India and Brazil. Data breach in various forms has struck major financial institutions, pharmaceutical companies, manufacturers, stock exchanges, defense manufacturers, electronics manufacturers and Internet-based businesses. Statistics from a year ago estimated that cybercrime was costing companies $114 billion, with $96 billion in the U.S. alone…” (Insuring Against Cybercrime, Orrick)
Now there’s a phrase that defines the age in which we work and play. But what is cyber insurance, exactly? Who needs it? What protections does it provide?
Great questions. For your reference, global law firm Pillsbury has the answers. (The first answer might surprise you):
WHO should consider Cyber Insurance?
“Companies in the financial services, health care, retail and hospitality, communications, media and technology sectors have tended to be early adopters of cyber insurance, for the obvious reason that they possess large amounts of private customer data and are attractive targets for data thieves. In addition, a company that manufactures or sells an extremely popular consumer product may be more likely to face hacking attempts. The same is true for companies whose leadership is high-profile, or especially outspoken on controversial issues. Big companies tended to buy cyber insurance first, but much of the growth in the cyber insurance market lately has come from smaller and middle-market companies as they come to realize the magnitude of their exposure to data security risks.” [italics ours]
WHY consider Cyber Insurance?
“As everyone knows from the headline news, it is getting harder every day for companies to protect their data and networks from theft and data hacking, and in the current regulatory environment the stakes for even inadvertent disclosure of private data are high. Customer names, credit card information, social security numbers, passwords, employee information, and confidential commercial information and intellectual property are all at risk in a data breach. Loss or unauthorized disclosure of this data can mean lost revenue and public trust, not to mention the costs of remediating the breach or fending off lawsuits by the affected parties. An interruption in the flow of data or a disruption of one’s network as a result of a breach can also bring business to a complete halt. An increasing number of companies view the need for insurance to mitigate these risks as crucial.”
WHAT does Cyber Insurance cover?
“Third-party cyber insurance is most common, and covers losses from data security breaches, other loss or unauthorized disclosure of private information, as well as the discovery of libelous or copyright-infringing content on a business’ site. While no two policies are exactly the same, this kind of coverage often falls into three categories: 1) crisis management expenses, including costs of notifying affected parties that their data has been compromised, costs of providing credit monitoring services, and the costs of public relations consultants, forensic investigation, and pursuit of indemnity rights against third parties who might be responsible for the breach; 2) claim expenses, such as the costs of defending and settling lawsuits; and 3) regulatory response costs, which can include compliance, investigatory and settlement costs.”
Read the entire Pillsbury update, with additional insights into this emerging clss of coverage: Negotiating the New World of Cyber Insurance…
- Insuring Against Cybercrime – Orrick
- Recent Credit Card Data Breach Once Again Demonstrates Need for Insurance Coverage – Gilbert LLP
- Ten Minute Social Media Insurance Coverage Primer By: Olivera Medenica – Wahab & Medenica
- Data Breaches – The Coverage Question – Greg Rapoport
- Business Leaders Must Address Cybersecurity Risk – Jackson Walker
- Key Privacy, Security and Information Management Issues in a Digital World Economy – Ingram Yuzek
- Department of Commerce Calls for Voluntary Cyber Security Standards (2011) – Reed Smith
- Cyber Spyware Found on U.S. Electric Grid Demonstrates Increasing Potential Exposures for Insurance Industry (2009) – Edwards Angell
Read additional law firm advisories re: Cybersecurity Risks on JD Supra>>Google+