Cybersecurity Insurance

Today, most companies are dependent on technology and their computer systems, and there are entities whose primary focus is to hack into these systems. On the other hand, a company might experience an internal breach of its network system, which causes the unauthorized release of sensitive information. Any breach into or out of these systems could be catastrophic. The computer network for a company may contain important data, intellectual property, and consumer information. All industries are susceptible to a data breach. To help protect against these risks, companies must insure themselves with the correct policy. Traditional insurance policies may not be enough to cover all the risks. In recent years, insurance companies have begun to issue specific cybersecurity policies. What kinds of claims are covered under these cybersecurity insurance policies? How can an insurance company ensure that it is mitigating its own risks in underwriting a cyber policy? If you are concerned with these questions, then the effectiveness and scope of these cybersecurity policies is relevant to your company.

What Is Cybersecurity Insurance?

Cybersecurity insurance is an insurance policy that helps mitigate the risks posed by incidents such as “data breaches, business interruptions, and network damages.” The market for this kind of policy is still in development, and insurance companies and consumers are unsure how far reaching the policy protections are. Department of Homeland Security has stated that a more developed cybersecurity insurance market would lead to fewer successful cyber attacks—i.e., by implementing preventive measures in conjunction with policies and lowering premium prices based on the level self-protection. There are steps that companies and individuals can take to reduce their risk level to a cyber attack, and these steps may actually help prevent attacks. Preventive measures can at least lower the risk an insurance company must take in underwriting a cyber policy.

Why Do We Need Specialized Policies?

Traditional or general liability policies may not cover all the risks of a cyber attack or network breach. In the past, it may have been unclear whether these types of policies covered cyber risks.  For example, in Eyeblaster, Inc. v. Federal Insurance Co., a federal court held that an insurance company was liable for data breaches under general liability and error and omissions policies. But, another federal court in America Online Inc. v. St. Paul Mercury Insurance Co., held that an insurance company was not liable for software that caused damage to consumer computers. Therefore, insurance companies must make it clear that traditional insurance policies do not cover cyber risks and instead direct their customers to a tailored cyber policy. Insurance companies must communicate clearly to their customers what is included in a cybersecurity policy because there are so many scenarios wherein a breach can occur. They should also disclose what type of data is covered—i.e., whether it is consumer data or trade secrets stored on computer networks. Also, a policy may cover external breaches into a network and/or internal mistakes that release sensitive information. The market for cybersecurity insurance is new, but growing and the legal protections for consumers and insurance companies are not always clear.

You may contact us to speak to an attorney regarding cybersecurity breaches and related issues.