Any company that has a web presence or is linked to the internet for data storage, transactions, or other purposes, has a reason to mitigate against the risks posed by hackers or other disruptions of service. One increasingly popular way to hedge against these risks is cyber insurance. Policies often cover against losses from data destruction, hacking, theft, denial of service attacks, privacy breaches, and extortion.
The cyber insurance industry is relatively young and there are many characteristics that make this type of specialty insurance unique. Some features of this type of insurance, aside from the rapidly developing nature of the industry and legal understanding thereof, warrant careful attention. Among others, these features include the scarcity of reinsurance, vagueness of policy language, and difficulty in estimating damage. Our attorneys at Grant | Shenon are well-versed in insurance strengths and weaknesses and can help organizations, whether commercial, non-profit or government, navigate the landscape and procure appropriate levels of coverage.
Nowadays, mobile devices and the apps that run on them are used for tasks that just a few years ago seemed unthinkable. Today’s mobile phones and tablets have much more computing power, and are capable of much more, than the computers of a decade ago. From conducting real estate transactions or health examinations, to editing video, they can do so much. The growth of information technology in society and our everyday lives carried with it increased risk of disruption or security breaches. Even with comprehensive security measures, the risk of a breach is high. Major organizations who suffered breaches include Target, Yahoo, Equifax, Delta Airlines, Sears and the United Nations, among others. The number and success of attacks has unfortunately, but predictably, driven up the premiums of cyber insurance policies.
Many, if not most companies, have started to consider cyber security breaches as significant business risks and are looking at ways to forestall them and deal with their consequences. The cost per breach is in the millions. According to IBM, the average cost for a data breach rose from $3.86 million to $4.24 million (How much does a data breach cost?). One way to deal with the financial damage of a breach is insurance.
Cyber insurance has been available since the 1990s. This makes sense if you think about that decade as the dot-com explosion. Before that, specialized computer crime was covered. The first policies covered online media or data processing errors. These policies often excluded first-party coverage and rogue employees. Insurance companies eventually added in first-party coverage, business interruption, extortion, and network damage. Today’s cyber insurance is almost an entirely different product from the initial product offerings, covering more parties, for more types of damage. Specialty products, such as privacy coverage, exist. There are almost certainly policies that can cover your risks, and we are happy to discuss the appropriate coverage.
We counsel clients on planning and use of insurance for the data protection space. Specifically, our firm’s experience in guiding companies large and small through the process of obtaining coverage for online perils is unparalleled. So too is the track record of our Insurance Recovery and Advisory practice, an integral element of the Privacy, Data Security and Information Use group, in winning battles with insurers over cyber coverage.