Cyber Liability Insurance Becoming Mainstream
American International Group (AIG) recently announced that it will offer standalone primary coverage for property damage, bodily injury, business interruption, and product liability stemming from a cyber-attack. The highly-publicized hacks of Target, T-Mobile, Yahoo, Anthem, etc. has caused demand for cyber liability insurance to grown exponentially due to heightened risk awareness, according to the National Association for Insurance Commissioners.
Determining Proper Coverage
The prevalence of cyber liability insurance is a fairly new phenomenon, so there is currently no standardization of cyber insurance policies. This means the terms and exclusions of a policy can vary extensively from one insurer to the next. However, cyber insurance policies should, generally speaking, provide coverage for third-party liability, first-party losses or both. For third-party liability, a cyber-liability insurance policy should cover costs associated with an actual or suspected data security or privacy breach, including (but not limited to):
- Notice costs
- Public relations consultancy fees
- Regulatory compliance costs
- Indemnification pursuit costs
In regards to first-party coverage, your police should include coverage for lost revenue due to interruption of data systems and the cost of restoring, recreating or recollecting lost or stolen data. Some insurance policies include coverage for costs associated with ransomware and extortion threats where companies are required to pay a dollar amount to a hacker to release the company’s data.
Given the lack of standardization and competitive market, the terms of cyber insurance coverage tend to be highly negotiable. Terms that are initially offered in the form of an apparently “off the shelf” policy by an insurer may often be customized, through negotiation, in order to respond to a prospective policyholder’s unique circumstances.
Cost of Cyber-Liability Coverage
The cost of cyber insurance will vary depending on multiple actors such as the size and risk factors of your organization, the amount of coverage purchased, and the size of any deductibles. You may also be able to negotiate revisions and make enhancements to the policy language. This is possible because, as mentioned earlier, cyber-liability insurance policies are in a fledgling stage lacking established norms and standardized provisions. This means your company may have the flexibility to craft a policy tailored to your needs.
Exclusions and Limitations Require Review and Negotiation
Do not make the mistake of purchasing cyber-liability insurance thinking you are covered, then later discover, post-hack, that the terms of your policy do not apply because of an exclusion or limitation. This means you need to have an insurance coverage attorney review the policy before going forward.
Speak to Experienced Insurance Coverage Attorneys
If your company is considering cyber-liability coverage, you should speak with an experienced insurance coverage attorney to thoroughly review the terms of the proposed policy to see whether you are effectively minimizing your exposure to a cyber attack and whether further negotiation is needed for certain provisions to enhance your protection. As with all insurance policies, you have to be aware of the many potential limitations and exclusions that could come with a cyber-liability policy. The South Texas law firm of Colvin, Saenz, Rodriguez & Kennamer, L.L.P., has the experience and knowledge to assist you and your business. Our firm represents insurance companies and the businesses insured by them in a variety of insurance coverage disputes. Contact our office today to learn more.