BreachExchange mailing list archives

Why Is Cyber Liability Insurance So Difficult For People To Understand?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 18 Sep 2014 13:22:40 -0600

https://www.riskbasedsecurity.com/2014/09/why-is-cyber-liability-insurance-so-difficult-for-people-to-understand/

Cyber insurance isn’t new. As a stand-alone insurance product it’s been
available since the days of the dot-com bubble. Arguably, it has even
deeper roots reaching back to the Y2K scare and the original electronic
data processing coverages offered in property policies. Yet, despite more
than a decade of existence, the coverage remains misunderstood and its
value often called into question. Take for example the recent post by
Hunton & Williams law firm. While it’s true most cyber policies tie
coverage to events taking place or discovered after a specified date
(known as a “claims made” policy), this is a common structure. It is
frequently utilized when the underlying event or mistake can take place
over an extended period of time. In fact, claims-made policies are
commonplace in most forms of professional liability including Medical and
Lawyer Professional Liability. Few doctors or attorneys would argue that
their malpractice insurance has limited value simply because it’s a
claims-made policy with a retroactive date.

Like every other insurance product sold, cyber policies include caveats and
exclusions that will determine when and how the insurance applies. That
doesn’t mean the policies are without value; rather, it is important for
an organization to ensure it chooses the right policy that matches its
risk profile. By now we hope that everyone understands that responding to
and recovering from a data breach can be expensive. With what appears to
be no slowdown in data breaches, cyber policies are a valuable tool for
managing those costs. More than just helping with the costs to notify and
provide credit monitoring for individuals affected by the breach, cyber
liability insurance can contribute to the costs of forensics to figure out
what data has been taken and legal fees for understanding how to comply
with the myriad of notification statutes as well as regulatory fines and
penalties. These policies can also help defray the cost of defense should
the organization be sued over the event. Despite the fact that plaintiffs face
significant hurdles when it comes to making a data breach lawsuit stick,
that doesn’t mean an organization can simply choose not to respond to the
suit, and the legal fees associated with that response can add up quickly.
And the larger the breach, the faster the rush to court. Just ask Home
Depot – the lawsuits started within days of the breach being announced.

The reality today is that a compromise of personal information will result
in some sort of unexpected costs to the breached organization. General
liability insurance is not designed to respond to these expenses and the
few gaps that do exist in cyber insurance policies are quickly being closed
by insurance companies. One of the best choices available for protection
from the financial consequences of a data breach is with a cyber insurance
policy. Yes, there will be a start date for covered events (the retroactive
date) but once this is established, that date shouldn’t change unless there
is a break in the coverage and even then this date can be negotiated with
carriers for a price.  For buyers, this also means that the sooner a cyber
policy is put in place, the quicker that retroactive date moves into the
past.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 